Newsletter Vulnerability List
Found 9 vulnerabilities related to Newsletter
CVE-2019-19985: WordPress Email Subscribers & Newsletters <4.2.3 - Arbitrary File Retrieval POC
WordPress Email Subscribers & Newsletters plugin before 4.2.3 is susceptible to arbitrary file retrieval via a flaw that allows unauthenticated file download and user information disclosure. An attacker can obtain sensitive information, modify data, and/or execute unauthorized administrative operations.
CVE-2022-1756: Newsletter < 7.4.5 - Cross-Site Scripting POC
The Newsletter WordPress plugin before 7.4.5 does not sanitize and escape the $_SERVER['REQUEST_URI'] before echoing it back in admin pages. Although this uses addslashes, and most modern browsers automatically URL-encode requests, this is still vulnerable to Reflected XSS in older browsers such as Internet Explorer 9 or below.
CVE-2023-27922: Newsletter < 7.6.9 - Cross-Site Scripting POC
The plugin does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as administrators.
CVE-2019-19985: WordPress Email Subscribers & Newsletters <4.2.3 - Arbitrary File Retrieval POC
WordPress Email Subscribers & Newsletters plugin before 4.2.3 is susceptible to arbitrary file retrieval via a flaw that allows unauthenticated file download and user information disclosure. An attacker can obtain sensitive information, modify data, and/or execute unauthorized administrative operations.
CVE-2022-1756: Newsletter < 7.4.5 - Cross-Site Scripting POC
The Newsletter WordPress plugin before 7.4.5 does not sanitize and escape the $_SERVER['REQUEST_URI'] before echoing it back in admin pages. Although this uses addslashes, and most modern browsers automatically URL-encode requests, this is still vulnerable to Reflected XSS in older browsers such as Internet Explorer 9 or below.
CVE-2023-27922: Newsletter < 7.6.9 - Cross-Site Scripting POC
The plugin does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as administrators.
newsletter-open-redirect: WordPress Newsletter Manager < 1.5 - Unauthenticated Open Redirect POC
WordPress Newsletter Manager < 1.5 is susceptible to an open redirect vulnerability. The plugin used base64 encoded user input in the appurl parameter without validation to redirect users using the header() PHP function, leading to an open redirect issue.
wp-knews-xss: WordPress Knews Multilingual Newsletters 1.1.0 - Cross-Site Scripting POC
WordPress Knews Multilingual Newsletters 1.1.0 plugin contains a cross-site scripting vulnerability. An attacker can execute arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
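WordPress Plugin Email Subscribers & Newsletters Information Disclosure (CVE-2019-19985) No POC
The WordPress plugin Email Subscribers & Newsletters before 4.2.3 contains a flaw that allows unauthenticated file download and disclosure of user information.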