Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
newsletters vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2019-14788
wp-admin/admin-ajax.php?action=newsletters_exportmultiple in the Tribulant Newsletters plugin prior to 4.6.19 for WordPress allows directory traversal with resultant remote PHP code execution via the subscribers[1][1] parameter in conjunction with an exportfile=../ value.
Tribulant Newsletters
7.2
CVSSv3
CVE-2023-4797
The Newsletters WordPress plugin prior to 4.9.3 does not properly escape user-controlled parameters when they are appended to SQL queries and shell commands, which could enable an administrator to run arbitrary commands on the server.
Tribulant Newsletters
5.3
CVSSv3
CVE-2018-20853
An issue exists in the MailPoet Newsletters (aka wysija-newsletters) plugin prior to 2.8.2 for WordPress. The plugin is vulnerable to SPAM attacks.
Mailpoet Mailpoet Newsletters
5.3
CVSSv3
CVE-2020-5780
Missing Authentication for Critical Function in Icegram Email Subscribers & Newsletters Plugin for WordPress prior to version 4.5.6 allows a remote, unauthenticated malicious user to conduct unauthenticated email forgery/spoofing.
Icegram Email Subscribers & Newsletters
9.8
CVSSv3
CVE-2019-20361
There was a flaw in the WordPress plugin, Email Subscribers & Newsletters prior to 4.3.1, that allowed SQL statements to be passed to the database in the hash parameter (a blind SQL injection vulnerability).
Icegram Email Subscribers & Newsletters
1 Github repository
5.3
CVSSv3
CVE-2019-19982
The WordPress plugin, Email Subscribers & Newsletters, prior to 4.2.3 had a flaw that allowed for unauthenticated option creation. In order to exploit this vulnerability, an attacker would need to send a /wp-admin/admin-post.php?es_skip=1&option_name= request.
Icegram Email Subscribers & Newsletters
4.3
CVSSv3
CVE-2019-19980
The WordPress plugin, Email Subscribers & Newsletters, prior to 4.2.3 had a privilege bypass flaw that allowed authenticated users (Subscriber or greater access) to send test emails from the administrative dashboard on behalf of an administrator. This occurs because the plugi...
Icegram Email Subscribers & Newsletters
8.8
CVSSv3
CVE-2022-3981
The Icegram Express WordPress plugin prior to 5.5.1 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by any authenticated users, such as subscriber
Icegram Email Subscribers & Newsletters
9.8
CVSSv3
CVE-2019-13569
A SQL injection vulnerability exists in the Icegram Email Subscribers & Newsletters plugin up to and including 4.1.7 for WordPress. Successful exploitation of this vulnerability would allow a remote malicious user to execute arbitrary SQL commands on the affected system.
Icegram Email Subscribers & Newsletters
7.5
CVSSv3
CVE-2018-6015
An issue exists in the "Email Subscribers & Newsletters" plugin prior to 3.4.8 for WordPress. Sending an HTTP POST request to a URI with /?es=export at the end, and adding option=view_all_subscribers in the body, allows downloading of a CSV data file with all subscr...
Icegram Email Subscribers & Newsletters
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
buffer overflow
type confusion
server-side request forgery
CVE-2024-38440
CVE-2024-27801
CVE-2024-5868
CVE-2024-0582
CVE-2024-37643
CVE-2024-3105
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »