8 matches found
CVE-2015-9448
The CVE-2015-9448 issue affects the WordPress SendPress plugin (versions prior to 1.2). The vulnerability is an SQL Injection in the wp-admin/admin.php?page=sp-queue listid parameter. Impact per sources includes manipulation/exfiltration of data via the web interface, with CVSS scores indicating ...
CVE-2024-1588
The CVE CVE-2024-1588 affects the WordPress plugin “SendPress Newsletters” up to version 1.23.11.6. The issue is an Admin+ Stored XSS via Settings vulnerability caused by insufficient sanitisation/escaping of certain settings, enabling stored cross-site scripting by high-privilege users (e.g., ad...
CVE-2024-1589
The CVE-2024-1589 issue affects the WordPress SendPress Newsletters plugin up to version 1.23.11.6. The root cause is that certain settings are not properly sanitised/escaped, enabling Stored Cross-Site Scripting (stored XSS) by high-privilege users (e.g., admins), even when unfiltered_html is di...
CVE-2023-35040
CVE-2023-35040 affects WordPress plugin SendPress Newsletters (versions up to and including 1.23.11.6). The issue is described as a Missing Authorization / Broken Access Control vulnerability in SendPress Newsletters, with unauthenticated access potentially allowed due to insufficient authorizati...
CVE-2023-41729
This CVE affects the WordPress SendPress Newsletters plugin. The vulnerability is a stored XSS issue exploitable by an authenticated admin+ user, affecting plugin versions up to 1.22.3.31. Multiple sources corroborate the issue and indicate remediation by updating to a newer version than 1.22.3.3...
CVE-2023-47517
CVE-2023-47517 is a publicly documented Unauth. Reflected Cross-Site Scripting (XSS) vulnerability affecting the WordPress SendPress Newsletters plugin, specifically versions ≤ 1.23.11.6. The issue allows unauthenticated attackers to inject scripts via the reflected XSS vector, with the exact exp...
CVE-2023-5660
CVE-2023-5660 affects the SendPress Newsletters WordPress plugin and enables Stored Cross-Site Scripting via shortcode attributes in all versions up to 1.22.3.31, with exploitation possible by authenticated contributors or higher. Technical details in connected sources confirm the shortcodes and ...
CVE-2023-41730
CVE-2023-41730 is a CSRF vulnerability in the WordPress plugin SendPress Newsletters . Multiple sources confirm the issue affects versions listed as <= 1.22.3.31 (and Patchstack references