Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
newsletter vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv2
CVE-2018-1002000
There is blind SQL injection in WordPress Arigato Autoresponder and Newsletter v2.5.1.8 These vulnerabilities require administrative privileges to exploit. There is an exploitable blind SQL injection vulnerability via the del_ids variable by POST request.
Kibokolabs Arigato Autoresponder And Newsletter 2.5.1.8
1 EDB exploit
3.5
CVSSv2
CVE-2018-1002001
There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit.
Kibokolabs Arigato Autoresponder And Newsletter 2.5.1.8
1 EDB exploit
3.5
CVSSv2
CVE-2018-1002004
There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit.
Kibokolabs Arigato Autoresponder And Newsletter 2.5.1.8
1 EDB exploit
3.5
CVSSv2
CVE-2018-1002008
There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit. There is an XSS vulnerability in list-user.html.php:4: via GET request offset variable.
Kibokolabs Arigato Autoresponder And Newsletter 2.5.1.8
1 EDB exploit
7.5
CVSSv2
CVE-2018-18461
The Arigato Autoresponder and Newsletter (aka bft-autoresponder) v2.5.1.7 plugin for WordPress allows remote malicious users to execute arbitrary code via PHP code in attachments[] data to models/attachment.php.
Kibokolabs Arigato Autoresponder And Newsletter 2.5.1.7
4.3
CVSSv2
CVE-2022-21179
Cross-site request forgery (CSRF) vulnerability in EC-CUBE plugin 'Mail Magazine Management Plugin' ver4.0.0 to 4.1.1 (for EC-CUBE 4 series) and ver1.0.0 to 1.0.4 (for EC-CUBE 3 series) allows a remote unauthenticated malicious user to hijack the authentication of an ad...
Ec-cube E-mail Newsletter Management
NA
CVE-2023-2472
The Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue WordPress plugin prior to 3.1.61 does not sanitise and escape a parameter before outputting it back in the admin dashboard when the WPML plugin is also active and configured, leading to a Reflected Cross-Site...
Sendinblue Newsletter\\, Smtp\\, Email Marketing And Subscribe
4.3
CVSSv2
CVE-2021-24874
The Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue WordPress plugin prior to 3.1.31 does not escape the lang and pid parameter before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues
Sendinblue Newsletter\\, Smtp\\, Email Marketing And Subscribe
4.3
CVSSv2
CVE-2021-24923
The Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue WordPress plugin prior to 3.1.25 does not escape the sib-statistics-date parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue
Sendinblue Newsletter\\, Smtp\\, Email Marketing And Subscribe
6.8
CVSSv2
CVE-2007-5458
SQL injection vulnerability in index.php in the newsletter module 1.0 for KwsPHP, when magic_quotes_gpc is disabled, allows remote malicious users to execute arbitrary SQL commands via the newsletter parameter.
Alorys-hebergement Kwsphp
Alorys-hebergement Newsletter Module 1.00
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-30310
CVE-2024-21683
CVE-2024-22187
chrome
deserialization
XPath injection
CVE-2024-27842
denial of service
CVE-2024-24851
google
CVE-2024-35400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »