3 matches found
CVE-2022-1603
The CVE-2022-1603 entry corresponds to a CSRF vulnerability in the WordPress Mail Subscribe List plugin, versions prior to 2.1.4. The exposed component is the delete-subscription action, where there is no CSRF check, allowing an authenticated administrator to be coerced into removing arbitrary su...
CVE-2013-10026
The CVE targets the WordPress Mail Subscribe List Plugin versions up to 2.0.10. A cross-site scripting flaw arises from manipulating the index.php parameters sml_name and sml_email due to unknown processing, potentially enabling remote exploitation. Remediation: upgrade to version 2.1 (patch 4849...
CVE-2023-23657
CVE-2023-23657 describes a Stored XSS in the WordPress plugin Mail Subscribe List up to version 2.1.9. No technical details (payloads, vectors, affected files, or fix/version) are provided in the supplied documents. Monitor for vendor advisories and patch updates.