Cross-site request forgery (CSRF) vulnerability in the MailPoet Newsletters (wysija-newsletters) plugin before 2.6.11 for WordPress allows remote attackers to hijack the authentication of arbitrary users.
7.5AI Score
0.002EPSS
The MailPoet Newsletters (wysija-newsletters) plugin before 2.6.7 for WordPress allows remote attackers to bypass authentication and execute arbitrary PHP code by uploading a crafted theme using wp-admin/admin-post.php and accessing the theme in wp-content/uploads/wysija/themes/mailp/.
7.9AI Score
0.296EPSS
Unspecified vulnerability in the MailPoet Newsletters (wysija-newsletters) plugin before 2.6.8 for WordPress has unspecified impact and attack vectors.
6.9AI Score
0.003EPSS
An issue was discovered in the MailPoet Newsletters (aka wysija-newsletters) plugin before 2.8.2 for WordPress. The plugin is vulnerable to SPAM attacks.
5.3CVSS
5.3AI Score
0.001EPSS
The MailPoet plugin before 3.23.2 for WordPress allows remote attackers to inject arbitrary web script or HTML using extra parameters in the URL (Reflective Server-Side XSS).
6.1CVSS
6.3AI Score
0.001EPSS
The Newsletters WordPress plugin before 4.9.3 does not properly escape user-controlled parameters when they are appended to SQL queries and shell commands, which could enable an administrator to run arbitrary commands on the server.
7.2CVSS
7.2AI Score
0.0005EPSS