Lucene search
K
PressifiedSendpress

8 matches found

CVE
CVE
added 2019/09/26 3:33 a.m.157 views

CVE-2015-9448

The CVE-2015-9448 issue affects the WordPress SendPress plugin (versions prior to 1.2). The vulnerability is an SQL Injection in the wp-admin/admin.php?page=sp-queue listid parameter. Impact per sources includes manipulation/exfiltration of data via the web interface, with CVSS scores indicating ...

8.8CVSS9.2AI score0.01927EPSS
Web
CVE
CVE
added 2024/04/08 5:0 a.m.77 views

CVE-2024-1588

The CVE CVE-2024-1588 affects the WordPress plugin “SendPress Newsletters” up to version 1.23.11.6. The issue is an Admin+ Stored XSS via Settings vulnerability caused by insufficient sanitisation/escaping of certain settings, enabling stored cross-site scripting by high-privilege users (e.g., ad...

6.8CVSS5.6AI score0.0071EPSS
CVE
CVE
added 2024/04/08 5:0 a.m.71 views

CVE-2024-1589

The CVE-2024-1589 issue affects the WordPress SendPress Newsletters plugin up to version 1.23.11.6. The root cause is that certain settings are not properly sanitised/escaped, enabling Stored Cross-Site Scripting (stored XSS) by high-privilege users (e.g., admins), even when unfiltered_html is di...

6.1CVSS5.7AI score0.00405EPSS
CVE
CVE
added 2024/06/13 11:51 p.m.60 views

CVE-2023-35040

CVE-2023-35040 affects WordPress plugin SendPress Newsletters (versions up to and including 1.23.11.6). The issue is described as a Missing Authorization / Broken Access Control vulnerability in SendPress Newsletters, with unauthenticated access potentially allowed due to insufficient authorizati...

9.8CVSS8.6AI score0.00347EPSS
CVE
CVE
added 2023/10/02 7:39 a.m.52 views

CVE-2023-41729

This CVE affects the WordPress SendPress Newsletters plugin. The vulnerability is a stored XSS issue exploitable by an authenticated admin+ user, affecting plugin versions up to 1.22.3.31. Multiple sources corroborate the issue and indicate remediation by updating to a newer version than 1.22.3.3...

5.9CVSS6.5AI score0.00316EPSS
CVE
CVE
added 2023/11/14 10:17 p.m.39 views

CVE-2023-47517

CVE-2023-47517 is a publicly documented Unauth. Reflected Cross-Site Scripting (XSS) vulnerability affecting the WordPress SendPress Newsletters plugin, specifically versions ≤ 1.23.11.6. The issue allows unauthenticated attackers to inject scripts via the reflected XSS vector, with the exact exp...

7.1CVSS6.9AI score0.00412EPSS
CVE
CVE
added 2023/11/07 11:31 a.m.36 views

CVE-2023-5660

CVE-2023-5660 affects the SendPress Newsletters WordPress plugin and enables Stored Cross-Site Scripting via shortcode attributes in all versions up to 1.22.3.31, with exploitation possible by authenticated contributors or higher. Technical details in connected sources confirm the shortcodes and ...

6.4CVSS5.2AI score0.0067EPSS
CVE
CVE
added 2023/10/10 7:47 a.m.35 views

CVE-2023-41730

CVE-2023-41730 is a CSRF vulnerability in the WordPress plugin SendPress Newsletters . Multiple sources confirm the issue affects versions listed as <= 1.22.3.31 (and Patchstack references

8.8CVSS8.5AI score0.00211EPSS