Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
newsletters vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-30478
Cross-Site Request Forgery (CSRF) vulnerability in Tribulant Newsletters plugin <= 4.8.8 versions.
Tribulant Newsletters
7.5
CVSSv2
CVE-2018-20987
The newsletters-lite plugin prior to 4.6.8.6 for WordPress has PHP object injection.
Tribulant Newsletters
5
CVSSv2
CVE-2018-20853
An issue exists in the MailPoet Newsletters (aka wysija-newsletters) plugin prior to 2.8.2 for WordPress. The plugin is vulnerable to SPAM attacks.
Mailpoet Mailpoet Newsletters
5
CVSSv2
CVE-2018-6015
An issue exists in the "Email Subscribers & Newsletters" plugin prior to 3.4.8 for WordPress. Sending an HTTP POST request to a URI with /?es=export at the end, and adding option=view_all_subscribers in the body, allows downloading of a CSV data file with all subscr...
Icegram Email Subscribers \\& Newsletters
NA
CVE-2022-3981
The Icegram Express WordPress plugin prior to 5.5.1 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by any authenticated users, such as subscriber
Icegram Email Subscribers \\& Newsletters
4.3
CVSSv2
CVE-2019-19981
The WordPress plugin, Email Subscribers & Newsletters, prior to 4.2.3 had a flaw that allowed for CSRF to be exploited on all plugin settings.
Icegram Email Subscribers \\& Newsletters
6.5
CVSSv2
CVE-2019-19984
The WordPress plugin, Email Subscribers & Newsletters, prior to 4.2.3 had a flaw that allowed users with edit_post capabilities to manage plugin settings and email campaigns.
Icegram Email Subscribers \\& Newsletters
5
CVSSv2
CVE-2020-5780
Missing Authentication for Critical Function in Icegram Email Subscribers & Newsletters Plugin for WordPress prior to version 4.5.6 allows a remote, unauthenticated malicious user to conduct unauthenticated email forgery/spoofing.
Icegram Email Subscribers \\& Newsletters
7.5
CVSSv2
CVE-2019-20361
There was a flaw in the WordPress plugin, Email Subscribers & Newsletters prior to 4.3.1, that allowed SQL statements to be passed to the database in the hash parameter (a blind SQL injection vulnerability).
Icegram Email Subscribers \\& Newsletters
1 Github repository
10
CVSSv2
CVE-2019-13569
A SQL injection vulnerability exists in the Icegram Email Subscribers & Newsletters plugin up to and including 4.1.7 for WordPress. Successful exploitation of this vulnerability would allow a remote malicious user to execute arbitrary SQL commands on the affected system.
Icegram Email Subscribers \\& Newsletters
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversal
CVE-2024-26978
CVE-2024-26982
wireless
CVE-2023-6949
CVE-2024-26980
CVE-2024-32766
CVE-2024-26939
cache poisoning
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »