Show filters
194 Total Results
Displaying 141-150 of 194
Sort by:
Attacker Value
Unknown

CVE-2018-1002005

Disclosure Date: December 03, 2018 (last updated November 27, 2024)
These vulnerabilities require administrative privileges to exploit. There is an XSS vulnerability in bft_list.html.php:43: via the filter_signup_date parameter.
0
0
Attacker Value
Unknown

CVE-2018-18461

Disclosure Date: October 18, 2018 (last updated November 27, 2024)
The Arigato Autoresponder and Newsletter (aka bft-autoresponder) v2.5.1.7 plugin for WordPress allows remote attackers to execute arbitrary code via PHP code in attachments[] data to models/attachment.php.
0
0
Attacker Value
Unknown

CVE-2018-0602

Disclosure Date: June 26, 2018 (last updated November 26, 2024)
Cross-site scripting vulnerability in Email Subscribers & Newsletters versions prior to 3.5.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
0
0
Attacker Value
Unknown

CVE-2018-5989

Disclosure Date: February 17, 2018 (last updated November 26, 2024)
SQL Injection exists in the ccNewsletter 2.x component for Joomla! via the id parameter in a task=removeSubscriber action, a related issue to CVE-2011-5099.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2018-6015

Disclosure Date: January 26, 2018 (last updated November 26, 2024)
An issue was discovered in the "Email Subscribers & Newsletters" plugin before 3.4.8 for WordPress. Sending an HTTP POST request to a URI with /?es=export at the end, and adding option=view_all_subscribers in the body, allows downloading of a CSV data file with all subscriber data.
0
0
Attacker Value
Unknown

CVE-2017-18010

Disclosure Date: January 01, 2018 (last updated November 26, 2024)
The E-goi Smart Marketing SMS and Newsletters Forms plugin before 2.0.0 for WordPress has XSS via the admin/partials/custom/egoi-for-wp-form_egoi.php url parameter.
0
0
Attacker Value
Unknown

CVE-2017-12810

Disclosure Date: December 30, 2017 (last updated November 26, 2024)
PHPJabbers PHP Newsletter Script 4.2 has stored XSS in lists in the admin panel.
0
0
Attacker Value
Unknown

CVE-2014-3907

Disclosure Date: August 26, 2014 (last updated October 05, 2023)
Cross-site request forgery (CSRF) vulnerability in the MailPoet Newsletters (wysija-newsletters) plugin before 2.6.11 for WordPress allows remote attackers to hijack the authentication of arbitrary users.
0
0
Attacker Value
Unknown

CVE-2014-4725

Disclosure Date: July 27, 2014 (last updated October 05, 2023)
The MailPoet Newsletters (wysija-newsletters) plugin before 2.6.7 for WordPress allows remote attackers to bypass authentication and execute arbitrary PHP code by uploading a crafted theme using wp-admin/admin-post.php and accessing the theme in wp-content/uploads/wysija/themes/mailp/.
0
0
Attacker Value
Unknown

CVE-2014-4726

Disclosure Date: July 27, 2014 (last updated October 05, 2023)
Unspecified vulnerability in the MailPoet Newsletters (wysija-newsletters) plugin before 2.6.8 for WordPress has unspecified impact and attack vectors.
0
0
View More Topics  < Previous  Next >