6 matches found
PT-2026-24546
The MC4WP: Mailchimp for WordPress plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 4.11.1. This is due to the plugin trusting the mc4wp action POST parameter without validation, allowing unauthenticated attackers to force the form to process...
EUVD-2025-30840
Malicious code in bioql PyPI...
CVE-2025-59413 CubeCart Unauthorized Newsletter Unsubscription via force_unsubscribe Parameter
CubeCart is an ecommerce software solution. Prior to version 6.5.11, a logic flaw exists in the newsletter subscription endpoint that allows an attacker to unsubscribe any user without their consent. By changing the value of the force_unsubscribe parameter in the POST request to 1, an attacker can...
WordPress WP Mailster Plugin Cross-Site Scripting Vulnerability
WP Mailster is a WordPress plugin that allows your users to be part of a group and communicate via email without having to log into your website. A cross-site scripting vulnerability exists in the unsubscription handler in the WordPress plugin WP Mailster before 1.5.5. An attacker can exploit thi...
易想团购 subscribe.php unsubscribe Parameter SQL Injection
No description provided by source...
WordPress WP-PHPList Plugin 2.10.2 'unsubscribeemail' Parameter Cross-Site Scripting Vulnerability
No description provided by source. Source: http://www.securityfocus.com/bid/37096/info. The WP-PHPList plugin for WordPress is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute...