Show filters
40 Total Results
Displaying 11-20 of 40
Sort by:
Attacker Value
Unknown
CVE-2013-10028
Disclosure Date: June 04, 2023 (last updated October 08, 2023)
A vulnerability was found in EELV Newsletter Plugin 2.x on WordPress. It has been rated as problematic. Affected by this issue is the function style_newsletter of the file lettreinfo.php. The manipulation of the argument email leads to cross site scripting. The attack may be launched remotely. The name of the patch is 3339b42316c5edf73e56eb209b6a3bb3e868d6ed. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-230660.
0
Attacker Value
Unknown
CVE-2023-0766
Disclosure Date: May 30, 2023 (last updated October 08, 2023)
The Newsletter Popup WordPress plugin through 1.2 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks as the wp_newsletter_show_localrecord page is not protected with a nonce.
0
Attacker Value
Unknown
CVE-2023-0733
Disclosure Date: May 30, 2023 (last updated October 08, 2023)
The Newsletter Popup WordPress plugin through 1.2 does not sanitise and escape some of its settings, which could allow unauthenticated users to perform Stored Cross-Site Scripting attacks
0
Attacker Value
Unknown
CVE-2023-27922
Disclosure Date: May 23, 2023 (last updated October 08, 2023)
Cross-site scripting vulnerability in Newsletter versions prior to 7.6.9 allows a remote unauthenticated attacker to inject an arbitrary script.
0
Attacker Value
Unknown
CVE-2022-47411
Disclosure Date: December 14, 2022 (last updated February 24, 2025)
An issue was discovered in the fp_newsletter (aka Newsletter subscriber management) extension before 1.1.1, 1.2.0, 2.x before 2.1.2, 2.2.1 through 2.4.0, and 3.x before 3.2.6 for TYPO3. Data about subscribers may be obtained via unsubscribeAction operations.
0
Attacker Value
Unknown
CVE-2022-47410
Disclosure Date: December 14, 2022 (last updated February 24, 2025)
An issue was discovered in the fp_newsletter (aka Newsletter subscriber management) extension before 1.1.1, 1.2.0, 2.x before 2.1.2, 2.2.1 through 2.4.0, and 3.x before 3.2.6 for TYPO3. Data about subscribers may be obtained via createAction operations.
0
Attacker Value
Unknown
CVE-2022-47409
Disclosure Date: December 14, 2022 (last updated October 08, 2023)
An issue was discovered in the fp_newsletter (aka Newsletter subscriber management) extension before 1.1.1, 1.2.0, 2.x before 2.1.2, 2.2.1 through 2.4.0, and 3.x before 3.2.6 for TYPO3. Attackers can unsubscribe everyone via a series of modified subscription UIDs in deleteAction operations.
0
Attacker Value
Unknown
CVE-2022-47408
Disclosure Date: December 14, 2022 (last updated October 08, 2023)
An issue was discovered in the fp_newsletter (aka Newsletter subscriber management) extension before 1.1.1, 1.2.0, 2.x before 2.1.2, 2.2.1 through 2.4.0, and 3.x before 3.2.6 for TYPO3. There is a CAPTCHA bypass that can lead to subscribing many people.
0
Attacker Value
Unknown
CVE-2022-41403
Disclosure Date: October 12, 2022 (last updated February 24, 2025)
OpenCart 3.x Newsletter Custom Popup was discovered to contain a SQL injection vulnerability via the email parameter at index.php?route=extension/module/so_newletter_custom_popup/newsletter.
0
Attacker Value
Unknown
CVE-2022-31856
Disclosure Date: July 05, 2022 (last updated February 24, 2025)
Newsletter Module v3.x was discovered to contain a SQL injection vulnerability via the zemez_newsletter_email parameter at /index.php.
0
