Email Subscribers & Newsletters Security Vulnerabilities and Issues — Email Subscribers & Newsletters CVE List

Lucene search

Email Subscribers & Newsletters ProjectEmail Subscribers & Newsletters

2 matches found

CVE•added 2022/03/07 9:15 a.m.•88 views

CVE-2022-0439

The Email Subscribers & Newsletters WordPress plugin before 5.3.2 does not correctly escape the order and orderby parameters to the ajax_fetch_report_list action, making it vulnerable to blind SQL injection attacks by users with roles as low as Subscriber. Further, it does not have any CSRF protect...

8.8CVSS9AI score0.10004EPSS

CVE•added 2018/06/26 2:29 p.m.•42 views

CVE-2018-0602

Cross-site scripting vulnerability in Email Subscribers & Newsletters versions prior to 3.5.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

6.1CVSS6AI score0.00248EPSS