Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
newsletter vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-33944
Missing Authorization vulnerability in Kestrel WooCommerce AWeber Newsletter Subscription.This issue affects WooCommerce AWeber Newsletter Subscription: from n/a up to and including 4.0.2.
NA
CVE-2024-31434
Cross-Site Request Forgery (CSRF) vulnerability in Stefano Lissa & The Newsletter Team Newsletter.This issue affects Newsletter: from n/a up to and including 8.0.6.
5.4
CVSSv3
CVE-2020-4785
IBM App Connect Enterprise Certified Container 1.0.0, 1.0.1, 1.0.2, 1.0.3, and 1.0.4 could allow a remote malicious user to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack...
Ibm App Connect Enterprise Certified Container 1.0.0
Ibm App Connect Enterprise Certified Container 1.0.1
Ibm App Connect Enterprise Certified Container 1.0.2
Ibm App Connect Enterprise Certified Container 1.0.3
Ibm App Connect Enterprise Certified Container 1.0.4
1 Article
NA
CVE-2024-31110
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Katz Web Services, Inc. Contact Form 7 Newsletter allows Reflected XSS.This issue affects Contact Form 7 Newsletter: from n/a up to and including 2.2.
5.4
CVSSv3
CVE-2021-21418
ps_emailsubscription is a newsletter subscription module for the PrestaShop platform. An employee can inject javascript in the newsletter condition field that will then be executed on the front office The issue has been fixed in 2.6.1
Prestashop Ps Emailsubscription
7.2
CVSSv3
CVE-2023-50857
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in FunnelKit Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit.This issue affects Recover WooCommerce Cart Abandonment, ...
Funnelkit Funnelkit Automations
NA
CVE-2024-35668
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Brevo Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue allows Reflected XSS.This issue affects Newsletter, SMTP, Email marketing and Subscribe...
7.5
CVSSv3
CVE-2023-22734
Shopware is an open source commerce platform based on Symfony Framework and Vue js. The newsletter double opt-in validation was not checked properly, and it was possible to skip the complete double opt in process. As a result operators may have inconsistencies in their newsletter...
Shopware Shopware
8.8
CVSSv3
CVE-2023-47757
Missing Authorization, Cross-Site Request Forgery (CSRF) vulnerability in AWeber AWeber – Free Sign Up Form and Landing Page Builder Plugin for Lead Generation and Email Newsletter Growth allows Accessing Functionality Not Properly Constrained by ACLs, Cross-Site Request Fo...
Aweber Aweber
4.3
CVSSv3
CVE-2020-12698
The direct_mail extension up to and including 5.2.3 for TYPO3 has Broken Access Control for newsletter subscriber tables.
Dkd Direct Mail
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-40673
CVE-2024-36674
CVE-2024-27348
unspecified
CVE-2024-24919
CVE-2024-4870
malicious code
CVE-2024-2019
hard-coded
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »