4 matches found
CVE-2024-27960
CVE-2024-27960 affects the Email Subscription Popup WordPress plugin (I Thirteen Web Solution) up to version 1.2.20. Root cause: improper neutralization of input during web page generation, enabling Stored XSS. Impact per sources is low confidentiality/integrity impact with user interaction requi...
CVE-2023-6527
Email Subscription Popup (WordPress plugin) is affected by a Reflected XSS via the HTTP_REFERER header in all versions up to 1.2.18 due to insufficient input sanitization and output escaping. Exploitation requires user interaction and unauthenticated access. Root cause: inadequate input handling ...
CVE-2024-11195
The Email Subscription Popup plugin for WordPress (versions up to and including 1.2.22) is vulnerable to Stored Cross-Site Scripting via the print_email_subscribe_form shortcode due to insufficient input sanitization and output escaping on user-supplied attributes. Authenticated attackers with co...
CVE-2023-6555
CVE-2023-6555 affects the Email Subscription Popup WordPress plugin prior to 1.2.20. The vulnerability is a Reflected XSS caused by not sanitizing/escaping a parameter before echoing it back in the page, potentially exploitable against high-privilege users (e.g., admins). Public details in connec...