Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
newsletter vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2006-6787
SQL injection vulnerability in admin/admin_mail_adressee.asp in Newsletter MX 1.0.2 and previous versions allows remote malicious users to execute arbitrary SQL commands via the ID parameter.
Mxmania Newsletter Mx
1 EDB exploit
7.5
CVSSv2
CVE-2008-4625
SQL injection vulnerability in stnl_iframe.php in the ShiftThis Newsletter (st_newsletter) plugin for WordPress allows remote malicious users to execute arbitrary SQL commands via the newsletter parameter, a different vector than CVE-2008-0683.
Shiftthis Shifthis Newsletter
1 EDB exploit
6.5
CVSSv2
CVE-2015-9496
The freshmail-newsletter plugin prior to 1.6 for WordPress has shortcode.php SQL Injection via the 'FM_form id=' substring.
Freshmail Freshmail-newsletter
NA
CVE-2020-36727
The Newsletter Manager plugin for WordPress is vulnerable to insecure deserialization in versions up to, and including, 1.5.1. This is due to unsanitized input from the 'customFieldsDetails' parameter being passed through a deserialization function. This potentially mak...
Xyzscripts Newsletter Manager
10
CVSSv2
CVE-2014-1634
SQL Injection exists in Advanced Newsletter Magento extension prior to 2.3.5 via the /store/advancednewsletter/index/subscribeajax/an_category_id/ PATH_INFO.
Magento Advanced Newsletter
7.5
CVSSv2
CVE-2006-1533
SQL injection vulnerability in newsletter.php in Sourceworkshop newsletter 1.0 allows remote malicious users to execute arbitrary SQL commands via the newsletteremail parameter.
Sourceworkshop Newsletter 1.0
NA
CVE-2023-5108
The Easy Newsletter Signups WordPress plugin up to and including 1.0.4 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin
Alphabpo Easy Newsletter Signups
7.5
CVSSv2
CVE-2008-6286
Multiple SQL injection vulnerabilities in SubscriberStart.asp in Active Newsletter 4.3 allow remote malicious users to execute arbitrary SQL commands via (1) the email parameter (aka username or E-mail field), or (2) the password parameter (aka password field), to (a) Subscriber....
Activewebsoftwares Active Newsletter 4.3
1 EDB exploit
4.3
CVSSv2
CVE-2021-34658
The Simple Popup Newsletter WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to the use of $_SERVER['PHP_SELF'] in the ~/simple-popup-newsletter.php file which allows malicious users to inject arbitrary web scripts, in versions up to and including 1....
Keszites Simple Popup Newsletter
7.5
CVSSv2
CVE-2008-0683
SQL injection vulnerability in shiftthis-preview.php in the ShiftThis Newsletter (st_newsletter) plugin for WordPress allows remote malicious users to execute arbitrary SQL commands via the newsletter parameter.
Wordpress St Newsletter Plugin
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversal
CVE-2024-26978
CVE-2024-26982
wireless
CVE-2023-6949
CVE-2024-26980
CVE-2024-32766
CVE-2024-26939
cache poisoning
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »