Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
email subscribers vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2023-35093
Broken Access Control vulnerability in StylemixThemes MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin <= 3.0.8 versions allows any logged-in users, such as subscribers to view the "Orders" of the plugin and get the data related to the...
Stylemixthemes Masterstudy Lms
6.5
CVSSv3
CVE-2021-24244
An AJAX action registered by the WPBakery Page Builder (Visual Composer) Clipboard WordPress plugin prior to 4.5.8 did not have capability checks, allowing low privilege users, such as subscribers, to update the license options (key, email).
6.5
CVSSv3
CVE-2020-5767
Cross-site request forgery in Icegram Email Subscribers & Newsletters Plugin for WordPress v4.4.8 allows a remote malicious user to send forged emails by tricking legitimate users into clicking a crafted link.
Icegram Email Subscribers \\& Newsletters 4.4.8
6.3
CVSSv3
CVE-2019-19984
The WordPress plugin, Email Subscribers & Newsletters, prior to 4.2.3 had a flaw that allowed users with edit_post capabilities to manage plugin settings and email campaigns.
Icegram Email Subscribers \\& Newsletters
6.1
CVSSv3
CVE-2019-14364
An XSS vulnerability in the "Email Subscribers & Newsletters" plugin 4.1.6 for WordPress allows an malicious user to inject malicious JavaScript code through a publicly available subscription form using the esfpx_name wp-admin/admin-ajax.php POST parameter.
Icegram Email Subscribers \\& Newsletters 4.1.6
6.1
CVSSv3
CVE-2018-0602
Cross-site scripting vulnerability in Email Subscribers & Newsletters versions before 3.5.0 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Email Subscribers \\& Newsletters Project Email Subscribers \\& Newsletters
5.4
CVSSv3
CVE-2019-19981
The WordPress plugin, Email Subscribers & Newsletters, prior to 4.2.3 had a flaw that allowed for CSRF to be exploited on all plugin settings.
Icegram Email Subscribers \\& Newsletters
5.3
CVSSv3
CVE-2020-5780
Missing Authentication for Critical Function in Icegram Email Subscribers & Newsletters Plugin for WordPress prior to version 4.5.6 allows a remote, unauthenticated malicious user to conduct unauthenticated email forgery/spoofing.
Icegram Email Subscribers \\& Newsletters
5.3
CVSSv3
CVE-2012-2724
The Simplenews module 6.x-1.x prior to 6.x-1.4, 6.x-2.x prior to 6.x-2.0-alpha4, and 7.x-1.x prior to 7.x-1.0-rc1 for Drupal reveals the email addresses of new mailing list subscribers when confirmation is required, which allows remote malicious users to obtain sensitive informat...
Md-systems Simplenews 6.x-1.0
Md-systems Simplenews 6.x-1.1
Md-systems Simplenews 6.x-1.2
Md-systems Simplenews 6.x-1.3
Md-systems Simplenews 6.x-2.0
Md-systems Simplenews 6.x-2.x
Md-systems Simplenews 7.x-1.0
5.3
CVSSv3
CVE-2019-19982
The WordPress plugin, Email Subscribers & Newsletters, prior to 4.2.3 had a flaw that allowed for unauthenticated option creation. In order to exploit this vulnerability, an attacker would need to send a /wp-admin/admin-post.php?es_skip=1&option_name= request.
Icegram Email Subscribers \\& Newsletters
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-35229
privilege escalation
local users
CVE-2024-5405
CVE-2024-27842
CVE-2024-5274
CVE-2024-5378
CVE-2024-34152
hard-coded
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »