Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
newsletters vulnerabilities and exploits
(subscribe to this query)
578
VMScore
CVE-2022-0439
The Email Subscribers & Newsletters WordPress plugin prior to 5.3.2 does not correctly escape the `order` and `orderby` parameters to the `ajax_fetch_report_list` action, making it vulnerable to blind SQL injection attacks by users with roles as low as Subscriber. Further, it...
Icegram Email Subscribers \\& Newsletters
1 Github repository
668
VMScore
CVE-2019-20361
There was a flaw in the WordPress plugin, Email Subscribers & Newsletters prior to 4.3.1, that allowed SQL statements to be passed to the database in the hash parameter (a blind SQL injection vulnerability).
Icegram Email Subscribers \\& Newsletters
1 Github repository
445
VMScore
CVE-2020-5780
Missing Authentication for Critical Function in Icegram Email Subscribers & Newsletters Plugin for WordPress prior to version 4.5.6 allows a remote, unauthenticated malicious user to conduct unauthenticated email forgery/spoofing.
Icegram Email Subscribers \\& Newsletters
890
VMScore
CVE-2019-13569
A SQL injection vulnerability exists in the Icegram Email Subscribers & Newsletters plugin up to and including 4.1.7 for WordPress. Successful exploitation of this vulnerability would allow a remote malicious user to execute arbitrary SQL commands on the affected system.
Icegram Email Subscribers \\& Newsletters
383
VMScore
CVE-2019-14364
An XSS vulnerability in the "Email Subscribers & Newsletters" plugin 4.1.6 for WordPress allows an malicious user to inject malicious JavaScript code through a publicly available subscription form using the esfpx_name wp-admin/admin-ajax.php POST parameter.
Icegram Email Subscribers \\& Newsletters 4.1.6
383
VMScore
CVE-2014-4527
Multiple cross-site scripting (XSS) vulnerabilities in paginas/vista-previa-form.php in the EnvialoSimple: Email Marketing and Newsletters (envialosimple-email-marketing-y-newsletters-gratis) plugin prior to 1.98 for WordPress allow remote malicious users to inject arbitrary web ...
Envialosimple Email Marketing Y Newsletters
383
VMScore
CVE-2020-5767
Cross-site request forgery in Icegram Email Subscribers & Newsletters Plugin for WordPress v4.4.8 allows a remote malicious user to send forged emails by tricking legitimate users into clicking a crafted link.
Icegram Email Subscribers \\& Newsletters 4.4.8
356
VMScore
CVE-2020-5768
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in Icegram Email Subscribers & Newsletters Plugin for WordPress v4.4.8 allows a remote, authenticated malicious user to determine the value of database fields.
Icegram Email Subscribers \\& Newsletters 4.4.8
383
VMScore
CVE-2017-18010
The E-goi Smart Marketing SMS and Newsletters Forms plugin prior to 2.0.0 for WordPress has XSS via the admin/partials/custom/egoi-for-wp-form_egoi.php url parameter.
E-goi Smart Marketing Sms And Newsletters Forms
NA
CVE-2019-1356989
WordPress Email Subscribers and Newsletters plugin version 4.2.2 suffers from a remote SQL injection vulnerability.
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
validation
CVE-2012-1823
malicious code
CVE-2024-5770
CVE-2023-45866
CVE-2024-35687
local users
CVE-2024-31246
CVE-2024-35730
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »