Vulmon
newsletter vulnerabilities and exploits
755
VMScore
CVE-2008-6861
Xigla Software Absolute Newsletter 6.0 and 6.1 allows remote malicious users to bypass authentication and gain administrative access by setting a cookie to a certain value.
Xigla Absolute Newsletter 6.0
Xigla Absolute Newsletter 6.1
1 EDB exploit
755
VMScore
CVE-2008-0510
SQL injection vulnerability in index.php in the Newsletter (com_newsletter) component for Mambo 4.5 and Joomla! allows remote malicious users to execute arbitrary SQL commands via the listid parameter.
Joomla Com Newsletter
Mambo Com Newsletter
Mambo Mambo 4.5
1 EDB exploit
NA
CVE-2022-41403
OpenCart 3.x Newsletter Custom Popup contains a SQL injection vulnerability via the email parameter at index.php?route=extension/module/so_newletter_custom_popup/newsletter.
Newsletter Subscribe (popup + Regular Module) Project Newsletter Subscribe (popup + Regular Module) 4.0
NA
CVE-2023-27922
Cross-site scripting vulnerability in Newsletter versions before 7.6.9 allows a remote unauthenticated malicious user to inject an arbitrary script.
Thenewsletterplugin Newsletter
NA
CVE-2023-4772
The Newsletter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'newsletter_form' shortcode in versions up to, and including, 7.8.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible fo...
Thenewsletterplugin Newsletter
312
VMScore
CVE-2020-35933
A Reflected Authenticated Cross-Site Scripting (XSS) vulnerability in the Newsletter plugin prior to 6.8.2 for WordPress allows remote malicious users to trick a victim into submitting a tnpc_render AJAX request containing either JavaScript in an options parameter, or a base64-en...
Thenewsletterplugin Newsletter
534
VMScore
CVE-2020-35932
Insecure Deserialization in the Newsletter plugin prior to 6.8.2 for WordPress allows authenticated remote attackers with minimal privileges (such as subscribers) to use the tpnc_render AJAX action to inject arbitrary PHP objects via the options[inline_edits] parameter. NOTE: exp...
Tribulant Newsletter
755
VMScore
CVE-2006-3986
PHP remote file inclusion vulnerability in index.php in Knusperleicht Newsletter 3.5 and previous versions allows remote malicious users to execute arbitrary PHP code via a URL in the NL_PATH parameter.
Knusperleicht Newsletter
1 EDB exploit
383
VMScore
CVE-2022-1756
The Newsletter WordPress plugin prior to 7.4.5 does not sanitize and escape the $_SERVER['REQUEST_URI'] before echoing it back in admin pages. Although this uses addslashes, and most modern browsers automatically URLEncode requests, this is still vulnerable to Reflected...
Thenewsletterplugin Newsletter
312
VMScore
CVE-2022-1889
The Newsletter WordPress plugin prior to 7.4.6 does not escape and sanitise the preheader_text setting, which could allow high privilege users to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed.
Thenewsletterplugin Newsletter