Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
newsletters vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2018-6015
An issue exists in the "Email Subscribers & Newsletters" plugin prior to 3.4.8 for WordPress. Sending an HTTP POST request to a URI with /?es=export at the end, and adding option=view_all_subscribers in the body, allows downloading of a CSV data file with all subscr...
Icegram Email Subscribers \\& Newsletters
4.3
CVSSv3
CVE-2019-19980
The WordPress plugin, Email Subscribers & Newsletters, prior to 4.2.3 had a privilege bypass flaw that allowed authenticated users (Subscriber or greater access) to send test emails from the administrative dashboard on behalf of an administrator. This occurs because the plugi...
Icegram Email Subscribers \\& Newsletters
8.8
CVSSv3
CVE-2022-0439
The Email Subscribers & Newsletters WordPress plugin prior to 5.3.2 does not correctly escape the `order` and `orderby` parameters to the `ajax_fetch_report_list` action, making it vulnerable to blind SQL injection attacks by users with roles as low as Subscriber. Further, it...
Icegram Email Subscribers \\& Newsletters
1 Github repository
5.3
CVSSv3
CVE-2020-5780
Missing Authentication for Critical Function in Icegram Email Subscribers & Newsletters Plugin for WordPress prior to version 4.5.6 allows a remote, unauthenticated malicious user to conduct unauthenticated email forgery/spoofing.
Icegram Email Subscribers \\& Newsletters
6.5
CVSSv3
CVE-2020-5767
Cross-site request forgery in Icegram Email Subscribers & Newsletters Plugin for WordPress v4.4.8 allows a remote malicious user to send forged emails by tricking legitimate users into clicking a crafted link.
Icegram Email Subscribers \\& Newsletters 4.4.8
4.9
CVSSv3
CVE-2020-5768
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in Icegram Email Subscribers & Newsletters Plugin for WordPress v4.4.8 allows a remote, authenticated malicious user to determine the value of database fields.
Icegram Email Subscribers \\& Newsletters 4.4.8
NA
CVE-2014-4527
Multiple cross-site scripting (XSS) vulnerabilities in paginas/vista-previa-form.php in the EnvialoSimple: Email Marketing and Newsletters (envialosimple-email-marketing-y-newsletters-gratis) plugin prior to 1.98 for WordPress allow remote malicious users to inject arbitrary web ...
Envialosimple Email Marketing Y Newsletters
6.1
CVSSv3
CVE-2019-14364
An XSS vulnerability in the "Email Subscribers & Newsletters" plugin 4.1.6 for WordPress allows an malicious user to inject malicious JavaScript code through a publicly available subscription form using the esfpx_name wp-admin/admin-ajax.php POST parameter.
Icegram Email Subscribers \\& Newsletters 4.1.6
6.1
CVSSv3
CVE-2017-18010
The E-goi Smart Marketing SMS and Newsletters Forms plugin prior to 2.0.0 for WordPress has XSS via the admin/partials/custom/egoi-for-wp-form_egoi.php url parameter.
E-goi Smart Marketing Sms And Newsletters Forms
NA
CVE-2019-1356989
WordPress Email Subscribers and Newsletters plugin version 4.2.2 suffers from a remote SQL injection vulnerability.
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48654
CVE-2024-2757
authentication bypass
CVE-2024-3194
CVE-2024-33640
CVE-2024-21111
dos
insecure direct object reference
CVE-2024-21345
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »