Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
newsletter vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2023-47308
In the module "Newsletter Popup PRO with Voucher/Coupon code" (newsletterpop) before version 2.6.1 from Active Design for PrestaShop, a guest can perform SQL injection in affected versions. The method `NewsletterpopsendVerificationModuleFrontController::checkEmailSubscr...
Activedesign Newsletterpop
9.8
CVSSv3
CVE-2022-46803
Improper Neutralization of Formula Elements in a CSV File vulnerability in Noptin Newsletter Simple Newsletter Plugin – Noptin.This issue affects Simple Newsletter Plugin – Noptin: from n/a up to and including 1.9.5.
Noptin Noptin
9.8
CVSSv3
CVE-2020-36727
The Newsletter Manager plugin for WordPress is vulnerable to insecure deserialization in versions up to, and including, 1.5.1. This is due to unsanitized input from the 'customFieldsDetails' parameter being passed through a deserialization function. This potentially mak...
Xyzscripts Newsletter Manager
9.8
CVSSv3
CVE-2023-27032
Prestashop advancedpopupcreator v1.1.21 to v1.1.24 exists to contain a SQL injection vulnerability via the component AdvancedPopup::getPopups().
Idnovate Popup Module (on Entering, Exit Popup, Add Product) And Newsletter
9.8
CVSSv3
CVE-2023-1498
A vulnerability classified as critical has been found in code-projects Responsive Hotel Site 1.0. Affected is an unknown function of the file messages.php of the component Newsletter Log Handler. The manipulation of the argument title leads to sql injection. It is possible to lau...
Responsive Hotel Site Project Responsive Hotel Site 1.0
9.8
CVSSv3
CVE-2022-41403
OpenCart 3.x Newsletter Custom Popup exists to contain a SQL injection vulnerability via the email parameter at index.php?route=extension/module/so_newletter_custom_popup/newsletter.
Newsletter Subscribe (popup + Regular Module) Project Newsletter Subscribe (popup + Regular Module) 4.0
9.8
CVSSv3
CVE-2022-31856
Newsletter Module v3.x exists to contain a SQL injection vulnerability via the zemez_newsletter_email parameter at /index.php.
Newsletter Module Project Newsletter Module 3.0.2.0
9.8
CVSSv3
CVE-2021-38302
The Newsletter extension up to and including 4.0.0 for TYPO3 allows SQL Injection.
Newsletter Project Newsletter
9.8
CVSSv3
CVE-2014-1634
SQL Injection exists in Advanced Newsletter Magento extension prior to 2.3.5 via the /store/advancednewsletter/index/subscribeajax/an_category_id/ PATH_INFO.
Magento Advanced Newsletter
9.8
CVSSv3
CVE-2015-9334
The email-newsletter plugin up to and including 20.15 for WordPress has SQL injection.
Email-newsletter Project Email-newsletter
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-30078
CVE-2024-37896
code injection
CVE-2024-3080
CVE-2024-5172
cross-site request forgery
CVE-2024-6111
firmware
CVE-2024-38504
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »