3 matches found
CVE-2023-28421
CVE-2023-28421 affects the WordPress plugin WordPress Email Marketing Plugin – WP Email Capture (versions up to 3.10). The issue is an information disclosure vulnerability that could allow an unauthenticated actor to access sensitive data. Remediation: update to version 3.11 or later. The CVE has...
CVE-2023-23724
CVE-2023-23724 concerns a Cross-Site Request Forgery (CSRF) vulnerability in the WordPress plugin WP Email Capture by Winwar Media, affected versions are <= 3.9.3. The root cause is CSRF in the plugin’s request handling, enabling unauthorized actions when a logged-in user visits a malicious pa...
CVE-2023-23723
CVE-2023-23723 describes a stored XSS vulnerability in the WordPress plugin “WP Email Capture” by Winwar Media, affecting versions up to 3.9.3. The underlying issue is insufficient sanitization/escaping of certain settings, enabling an attacker with administrator privileges to trigger stored cros...