Show filters
128 Total Results
Displaying 51-60 of 128
Sort by:
Attacker Value
Unknown
CVE-2023-25031
Disclosure Date: April 07, 2023 (last updated February 24, 2025)
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kiboko Labs Arigato Autoresponder and Newsletter plugin <= 2.7.1 versions.
0
Attacker Value
Unknown
CVE-2023-25020
Disclosure Date: April 07, 2023 (last updated February 24, 2025)
Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Kiboko Labs Arigato Autoresponder and Newsletter plugin <= 2.7.1.1 versions.
0
Attacker Value
Unknown
CVE-2023-25061
Disclosure Date: April 07, 2023 (last updated February 24, 2025)
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Kiboko Labs Arigato Autoresponder and Newsletter plugin <= 2.7.1.1 versions.
0
Attacker Value
Unknown
CVE-2023-0543
Disclosure Date: February 27, 2023 (last updated October 08, 2023)
The Arigato Autoresponder and Newsletter WordPress plugin before 2.1.7.2 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
0
Attacker Value
Unknown
CVE-2022-4508
Disclosure Date: January 16, 2023 (last updated October 08, 2023)
The ConvertKit WordPress plugin before 2.0.5 does not validate and escapes some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks, which could be used against high-privilege users such as admins.
0
Attacker Value
Unknown
CVE-2022-47411
Disclosure Date: December 14, 2022 (last updated February 24, 2025)
An issue was discovered in the fp_newsletter (aka Newsletter subscriber management) extension before 1.1.1, 1.2.0, 2.x before 2.1.2, 2.2.1 through 2.4.0, and 3.x before 3.2.6 for TYPO3. Data about subscribers may be obtained via unsubscribeAction operations.
0
Attacker Value
Unknown
CVE-2022-47410
Disclosure Date: December 14, 2022 (last updated February 24, 2025)
An issue was discovered in the fp_newsletter (aka Newsletter subscriber management) extension before 1.1.1, 1.2.0, 2.x before 2.1.2, 2.2.1 through 2.4.0, and 3.x before 3.2.6 for TYPO3. Data about subscribers may be obtained via createAction operations.
0
Attacker Value
Unknown
CVE-2022-47409
Disclosure Date: December 14, 2022 (last updated October 08, 2023)
An issue was discovered in the fp_newsletter (aka Newsletter subscriber management) extension before 1.1.1, 1.2.0, 2.x before 2.1.2, 2.2.1 through 2.4.0, and 3.x before 3.2.6 for TYPO3. Attackers can unsubscribe everyone via a series of modified subscription UIDs in deleteAction operations.
0
Attacker Value
Unknown
CVE-2022-47408
Disclosure Date: December 14, 2022 (last updated October 08, 2023)
An issue was discovered in the fp_newsletter (aka Newsletter subscriber management) extension before 1.1.1, 1.2.0, 2.x before 2.1.2, 2.2.1 through 2.4.0, and 3.x before 3.2.6 for TYPO3. There is a CAPTCHA bypass that can lead to subscribing many people.
0
Attacker Value
Unknown
CVE-2022-41403
Disclosure Date: October 12, 2022 (last updated February 24, 2025)
OpenCart 3.x Newsletter Custom Popup was discovered to contain a SQL injection vulnerability via the email parameter at index.php?route=extension/module/so_newletter_custom_popup/newsletter.
0
