Show filters
3 Total Results
Displaying 1-3 of 3
Sort by:
Attacker Value
Unknown
CVE-2023-35040
Disclosure Date: June 14, 2024 (last updated June 14, 2024)
Missing Authorization vulnerability in SendPress SendPress Newsletters.This issue affects SendPress Newsletters: from n/a through 1.23.11.6.
0
Attacker Value
Unknown
CVE-2024-1589
Disclosure Date: April 08, 2024 (last updated April 10, 2024)
The SendPress Newsletters WordPress plugin through 1.23.11.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
0
Attacker Value
Unknown
CVE-2024-1588
Disclosure Date: April 08, 2024 (last updated April 10, 2024)
The SendPress Newsletters WordPress plugin through 1.23.11.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
0
