Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
newsletter vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2006-6787
SQL injection vulnerability in admin/admin_mail_adressee.asp in Newsletter MX 1.0.2 and previous versions allows remote malicious users to execute arbitrary SQL commands via the ID parameter.
Mxmania Newsletter Mx
1 EDB exploit
NA
CVE-2008-4625
SQL injection vulnerability in stnl_iframe.php in the ShiftThis Newsletter (st_newsletter) plugin for WordPress allows remote malicious users to execute arbitrary SQL commands via the newsletter parameter, a different vector than CVE-2008-0683.
Shiftthis Shifthis Newsletter
1 EDB exploit
NA
CVE-2006-1533
SQL injection vulnerability in newsletter.php in Sourceworkshop newsletter 1.0 allows remote malicious users to execute arbitrary SQL commands via the newsletteremail parameter.
Sourceworkshop Newsletter 1.0
9.8
CVSSv3
CVE-2020-36727
The Newsletter Manager plugin for WordPress is vulnerable to insecure deserialization in versions up to, and including, 1.5.1. This is due to unsanitized input from the 'customFieldsDetails' parameter being passed through a deserialization function. This potentially mak...
Xyzscripts Newsletter Manager
9.8
CVSSv3
CVE-2014-1634
SQL Injection exists in Advanced Newsletter Magento extension prior to 2.3.5 via the /store/advancednewsletter/index/subscribeajax/an_category_id/ PATH_INFO.
Magento Advanced Newsletter
8.8
CVSSv3
CVE-2015-9496
The freshmail-newsletter plugin prior to 1.6 for WordPress has shortcode.php SQL Injection via the 'FM_form id=' substring.
Freshmail Freshmail-newsletter
6.1
CVSSv3
CVE-2021-34658
The Simple Popup Newsletter WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to the use of $_SERVER['PHP_SELF'] in the ~/simple-popup-newsletter.php file which allows malicious users to inject arbitrary web scripts, in versions up to and including 1....
Keszites Simple Popup Newsletter
7.2
CVSSv3
CVE-2023-5108
The Easy Newsletter Signups WordPress plugin up to and including 1.0.4 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin
Alphabpo Easy Newsletter Signups
NA
CVE-2008-6286
Multiple SQL injection vulnerabilities in SubscriberStart.asp in Active Newsletter 4.3 allow remote malicious users to execute arbitrary SQL commands via (1) the email parameter (aka username or E-mail field), or (2) the password parameter (aka password field), to (a) Subscriber....
Activewebsoftwares Active Newsletter 4.3
1 EDB exploit
NA
CVE-2008-0683
SQL injection vulnerability in shiftthis-preview.php in the ShiftThis Newsletter (st_newsletter) plugin for WordPress allows remote malicious users to execute arbitrary SQL commands via the newsletter parameter.
Wordpress St Newsletter Plugin
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
firmware
CVE-2023-52866
CVE-2024-4367
CVE-2024-1721
CVE-2023-34992
XML injection
CVE-2023-52817
SQL
CVE-2023-52855
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »