Show filters
193 Total Results
Displaying 91-100 of 193
Sort by:
Attacker Value
Unknown
CVE-2022-4508
Disclosure Date: January 16, 2023 (last updated October 08, 2023)
The ConvertKit WordPress plugin before 2.0.5 does not validate and escapes some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks, which could be used against high-privilege users such as admins.
0
Attacker Value
Unknown
CVE-2022-47411
Disclosure Date: December 14, 2022 (last updated February 24, 2025)
An issue was discovered in the fp_newsletter (aka Newsletter subscriber management) extension before 1.1.1, 1.2.0, 2.x before 2.1.2, 2.2.1 through 2.4.0, and 3.x before 3.2.6 for TYPO3. Data about subscribers may be obtained via unsubscribeAction operations.
0
Attacker Value
Unknown
CVE-2022-47410
Disclosure Date: December 14, 2022 (last updated February 24, 2025)
An issue was discovered in the fp_newsletter (aka Newsletter subscriber management) extension before 1.1.1, 1.2.0, 2.x before 2.1.2, 2.2.1 through 2.4.0, and 3.x before 3.2.6 for TYPO3. Data about subscribers may be obtained via createAction operations.
0
Attacker Value
Unknown
CVE-2022-47409
Disclosure Date: December 14, 2022 (last updated October 08, 2023)
An issue was discovered in the fp_newsletter (aka Newsletter subscriber management) extension before 1.1.1, 1.2.0, 2.x before 2.1.2, 2.2.1 through 2.4.0, and 3.x before 3.2.6 for TYPO3. Attackers can unsubscribe everyone via a series of modified subscription UIDs in deleteAction operations.
0
Attacker Value
Unknown
CVE-2022-47408
Disclosure Date: December 14, 2022 (last updated October 08, 2023)
An issue was discovered in the fp_newsletter (aka Newsletter subscriber management) extension before 1.1.1, 1.2.0, 2.x before 2.1.2, 2.2.1 through 2.4.0, and 3.x before 3.2.6 for TYPO3. There is a CAPTCHA bypass that can lead to subscribing many people.
0
Attacker Value
Unknown
CVE-2022-3981
Disclosure Date: December 12, 2022 (last updated October 08, 2023)
The Icegram Express WordPress plugin before 5.5.1 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by any authenticated users, such as subscriber
0
Attacker Value
Unknown
CVE-2022-41403
Disclosure Date: October 12, 2022 (last updated February 24, 2025)
OpenCart 3.x Newsletter Custom Popup was discovered to contain a SQL injection vulnerability via the email parameter at index.php?route=extension/module/so_newletter_custom_popup/newsletter.
0
Attacker Value
Unknown
CVE-2022-31856
Disclosure Date: July 05, 2022 (last updated February 24, 2025)
Newsletter Module v3.x was discovered to contain a SQL injection vulnerability via the zemez_newsletter_email parameter at /index.php.
0
Attacker Value
Unknown
CVE-2022-1889
Disclosure Date: June 20, 2022 (last updated February 23, 2025)
The Newsletter WordPress plugin before 7.4.6 does not escape and sanitise the preheader_text setting, which could allow high privilege users to perform Stored Cross-Site Scripting attacks when the unfilteredhtml is disallowed
0
Attacker Value
Unknown
CVE-2022-1756
Disclosure Date: June 13, 2022 (last updated February 23, 2025)
The Newsletter WordPress plugin before 7.4.5 does not sanitize and escape the $_SERVER['REQUEST_URI'] before echoing it back in admin pages. Although this uses addslashes, and most modern browsers automatically URLEncode requests, this is still vulnerable to Reflected XSS in older browsers such as Internet Explorer 9 or below.
0
