Newsletter Popup Security Vulnerabilities and Issues — Newsletter Popup CVE List

Lucene search

Mndpsingh287Newsletter Popup

4 matches found

CVE•added 2024/05/16 6:15 a.m.•59 views

CVE-2024-3642

The Newsletter Popup WordPress plugin through 1.2 does not have CSRF check when deleting subscriber, which could allow attackers to make logged in admins perform such action via a CSRF attack

6.9CVSS6.6AI score0.00131EPSS

CVE•added 2024/05/16 6:15 a.m.•56 views

CVE-2024-3641

The Newsletter Popup WordPress plugin through 1.2 does not sanitise and escape some parameters, which could allow unauthenticated visitors to perform Cross-Site Scripting attacks against admins

6.1CVSS6.2AI score0.00211EPSS

CVE•added 2024/05/16 6:15 a.m.•48 views

CVE-2024-3643

The Newsletter Popup WordPress plugin through 1.2 does not have CSRF check when deleting list, which could allow attackers to make logged in admins perform such action via a CSRF attack

8.8CVSS6.6AI score0.00284EPSS

CVE•added 2024/05/16 6:15 a.m.•46 views

CVE-2024-3644

The Newsletter Popup WordPress plugin through 1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

4.8CVSS5.6AI score0.00064EPSS