Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
newsletter vulnerabilities and exploits
(subscribe to this query)
3.5
CVSSv2
CVE-2018-1002009
There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit. There is an XSS vulnerability in unsubscribe.html.php:3: via GET reuqest to the email variable.
Kibokolabs Arigato Autoresponder And Newsletter 2.5.1.8
1 EDB exploit
6.5
CVSSv2
CVE-2018-1002000
There is blind SQL injection in WordPress Arigato Autoresponder and Newsletter v2.5.1.8 These vulnerabilities require administrative privileges to exploit. There is an exploitable blind SQL injection vulnerability via the del_ids variable by POST request.
Kibokolabs Arigato Autoresponder And Newsletter 2.5.1.8
1 EDB exploit
3.5
CVSSv2
CVE-2018-1002004
There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit.
Kibokolabs Arigato Autoresponder And Newsletter 2.5.1.8
1 EDB exploit
3.5
CVSSv2
CVE-2018-1002007
There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit. There is an XSS vulnerability in integration-contact-form.html.php:15: via POST request variable html_id.
Kibokolabs Arigato Autoresponder And Newsletter 2.5.1.8
1 EDB exploit
4.3
CVSSv2
CVE-2022-21179
Cross-site request forgery (CSRF) vulnerability in EC-CUBE plugin 'Mail Magazine Management Plugin' ver4.0.0 to 4.1.1 (for EC-CUBE 4 series) and ver1.0.0 to 1.0.4 (for EC-CUBE 3 series) allows a remote unauthenticated malicious user to hijack the authentication of an ad...
Ec-cube E-mail Newsletter Management
7.5
CVSSv2
CVE-2018-18461
The Arigato Autoresponder and Newsletter (aka bft-autoresponder) v2.5.1.7 plugin for WordPress allows remote malicious users to execute arbitrary code via PHP code in attachments[] data to models/attachment.php.
Kibokolabs Arigato Autoresponder And Newsletter 2.5.1.7
4.3
CVSSv2
CVE-2021-24874
The Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue WordPress plugin prior to 3.1.31 does not escape the lang and pid parameter before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues
Sendinblue Newsletter\\, Smtp\\, Email Marketing And Subscribe
NA
CVE-2023-2472
The Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue WordPress plugin prior to 3.1.61 does not sanitise and escape a parameter before outputting it back in the admin dashboard when the WPML plugin is also active and configured, leading to a Reflected Cross-Site...
Sendinblue Newsletter\\, Smtp\\, Email Marketing And Subscribe
4.3
CVSSv2
CVE-2021-24923
The Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue WordPress plugin prior to 3.1.25 does not escape the sib-statistics-date parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue
Sendinblue Newsletter\\, Smtp\\, Email Marketing And Subscribe
6.8
CVSSv2
CVE-2007-5458
SQL injection vulnerability in index.php in the newsletter module 1.0 for KwsPHP, when magic_quotes_gpc is disabled, allows remote malicious users to execute arbitrary SQL commands via the newsletter parameter.
Alorys-hebergement Kwsphp
Alorys-hebergement Newsletter Module 1.00
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4671
unauthorized
CVE-2024-4776
CVE-2024-3407
CVE-2024-26026
CVE-2024-32888
wireless
CVE-2024-4656
template injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »