Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
newsletter vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2008-6861
Xigla Software Absolute Newsletter 6.0 and 6.1 allows remote malicious users to bypass authentication and gain administrative access by setting a cookie to a certain value.
Xigla Absolute Newsletter 6.0
Xigla Absolute Newsletter 6.1
1 EDB exploit
7.5
CVSSv2
CVE-2008-0510
SQL injection vulnerability in index.php in the Newsletter (com_newsletter) component for Mambo 4.5 and Joomla! allows remote malicious users to execute arbitrary SQL commands via the listid parameter.
Joomla Com Newsletter
Mambo Com Newsletter
Mambo Mambo 4.5
1 EDB exploit
NA
CVE-2022-41403
OpenCart 3.x Newsletter Custom Popup exists to contain a SQL injection vulnerability via the email parameter at index.php?route=extension/module/so_newletter_custom_popup/newsletter.
Newsletter Subscribe \\(popup \\+ Regular Module\\) Project Newsletter Subscribe \\(popup \\+ Regular Module\\) 4.0
NA
CVE-2023-4772
The Newsletter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'newsletter_form' shortcode in versions up to, and including, 7.8.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible fo...
Thenewsletterplugin Newsletter
NA
CVE-2023-27922
Cross-site scripting vulnerability in Newsletter versions before 7.6.9 allows a remote unauthenticated malicious user to inject an arbitrary script.
Thenewsletterplugin Newsletter
7.5
CVSSv2
CVE-2006-3986
PHP remote file inclusion vulnerability in index.php in Knusperleicht Newsletter 3.5 and previous versions allows remote malicious users to execute arbitrary PHP code via a URL in the NL_PATH parameter.
Knusperleicht Newsletter
1 EDB exploit
6
CVSSv2
CVE-2020-35932
Insecure Deserialization in the Newsletter plugin prior to 6.8.2 for WordPress allows authenticated remote attackers with minimal privileges (such as subscribers) to use the tpnc_render AJAX action to inject arbitrary PHP objects via the options[inline_edits] parameter. NOTE: exp...
Tribulant Newsletter
3.5
CVSSv2
CVE-2020-35933
A Reflected Authenticated Cross-Site Scripting (XSS) vulnerability in the Newsletter plugin prior to 6.8.2 for WordPress allows remote malicious users to trick a victim into submitting a tnpc_render AJAX request containing either JavaScript in an options parameter, or a base64-en...
Thenewsletterplugin Newsletter
4.3
CVSSv2
CVE-2022-1756
The Newsletter WordPress plugin prior to 7.4.5 does not sanitize and escape the $_SERVER['REQUEST_URI'] before echoing it back in admin pages. Although this uses addslashes, and most modern browsers automatically URLEncode requests, this is still vulnerable to Reflected...
Thenewsletterplugin Newsletter
3.5
CVSSv2
CVE-2022-1889
The Newsletter WordPress plugin prior to 7.4.6 does not escape and sanitise the preheader_text setting, which could allow high privilege users to perform Stored Cross-Site Scripting attacks when the unfilteredhtml is disallowed
Thenewsletterplugin Newsletter
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversal
CVE-2024-26978
CVE-2024-26982
wireless
CVE-2023-6949
CVE-2024-26980
CVE-2024-32766
CVE-2024-26939
cache poisoning
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »