Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
newsletter project newsletter vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2021-38302
The Newsletter extension up to and including 4.0.0 for TYPO3 allows SQL Injection.
Newsletter Project Newsletter
6.6
CVSSv3
CVE-2021-24345
The page lists-management feature of the Sendit WP Newsletter WordPress plugin up to and including 2.5.1, available to Administrator users does not sanitise, validate or escape the id_lista POST parameter before using it in SQL statement, therefore leading to Blind SQL Injection.
Sendit Project Sendit
9.8
CVSSv3
CVE-2015-9334
The email-newsletter plugin up to and including 20.15 for WordPress has SQL injection.
Email-newsletter Project Email-newsletter
6.1
CVSSv3
CVE-2017-18522
The eelv-newsletter plugin prior to 4.6.1 for WordPress has XSS in the address book.
Eelv Newsletter Project Eelv Newsletter
8.8
CVSSv3
CVE-2017-18523
The eelv-newsletter plugin prior to 4.6.1 for WordPress has CSRF in the address book.
Eelv Newsletter Project Eelv Newsletter
NA
CVE-2014-4939
SQL injection vulnerability in the ENL Newsletter (enl-newsletter) plugin 1.0.1 for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via the id parameter in the enl-add-new page to wp-admin/admin.php.
Enl Newsletter Plugin Project Enl-newsletter 1.0.1
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-6267
XML injection
CVE-2024-37673
CVE-2024-6266
CVE-2024-30078
arbitrary
CVE-2024-36886
CVE-2024-5346
template injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2