Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
newsletter vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2020-36727
The Newsletter Manager plugin for WordPress is vulnerable to insecure deserialization in versions up to, and including, 1.5.1. This is due to unsanitized input from the 'customFieldsDetails' parameter being passed through a deserialization function. This potentially mak...
Xyzscripts Newsletter Manager
668
VMScore
CVE-2006-1533
SQL injection vulnerability in newsletter.php in Sourceworkshop newsletter 1.0 allows remote malicious users to execute arbitrary SQL commands via the newsletteremail parameter.
Sourceworkshop Newsletter 1.0
890
VMScore
CVE-2014-1634
SQL Injection exists in Advanced Newsletter Magento extension prior to 2.3.5 via the /store/advancednewsletter/index/subscribeajax/an_category_id/ PATH_INFO.
Magento Advanced Newsletter
755
VMScore
CVE-2006-6787
SQL injection vulnerability in admin/admin_mail_adressee.asp in Newsletter MX 1.0.2 and previous versions allows remote malicious users to execute arbitrary SQL commands via the ID parameter.
Mxmania Newsletter Mx
1 EDB exploit
578
VMScore
CVE-2015-9496
The freshmail-newsletter plugin prior to 1.6 for WordPress has shortcode.php SQL Injection via the 'FM_form id=' substring.
Freshmail Freshmail-newsletter
755
VMScore
CVE-2008-4625
SQL injection vulnerability in stnl_iframe.php in the ShiftThis Newsletter (st_newsletter) plugin for WordPress allows remote malicious users to execute arbitrary SQL commands via the newsletter parameter, a different vector than CVE-2008-0683.
Shiftthis Shifthis Newsletter
1 EDB exploit
605
VMScore
CVE-2017-18512
The newsletter-by-supsystic plugin prior to 1.1.8 for WordPress has CSRF.
Supsystic Newsletter By Supsystic
755
VMScore
CVE-2008-6286
Multiple SQL injection vulnerabilities in SubscriberStart.asp in Active Newsletter 4.3 allow remote malicious users to execute arbitrary SQL commands via (1) the email parameter (aka username or E-mail field), or (2) the password parameter (aka password field), to (a) Subscriber....
Activewebsoftwares Active Newsletter 4.3
1 EDB exploit
NA
CVE-2023-5108
The Easy Newsletter Signups WordPress plugin up to and including 1.0.4 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin
Alphabpo Easy Newsletter Signups
383
VMScore
CVE-2021-34658
The Simple Popup Newsletter WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to the use of $_SERVER['PHP_SELF'] in the ~/simple-popup-newsletter.php file which allows malicious users to inject arbitrary web scripts, in versions up to and including 1....
Keszites Simple Popup Newsletter
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4671
unauthorized
CVE-2024-4776
CVE-2024-3407
CVE-2024-26026
CVE-2024-32888
wireless
CVE-2024-4656
template injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »