CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-33944 – WordPress WooCommerce AWeber Newsletter Subscription plugin <= 4.0.2 - Unauthenticated Access Token Change/Reset vulnerability
https://notcve.org/view.php?id=CVE-2024-33944
30 Apr 2024 — Missing Authorization vulnerability in Kestrel WooCommerce AWeber Newsletter Subscription.This issue affects WooCommerce AWeber Newsletter Subscription: from n/a through 4.0.2. Vulnerabilidad de autorización faltante en Kestrel WooCommerce AWeber Newsletter Subscription. Este problema afecta la suscripción al boletín WooCommerce AWeber: desde n/a hasta 4.0.2. The WooCommerce AWeber Newsletter Subscription plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability che... • https://patchstack.com/database/vulnerability/woocommerce-aweber-newsletter-subscription/wordpress-woocommerce-aweber-newsletter-subscription-plugin-4-0-1-unauthenticated-access-token-change-reset-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2024-1793 – AWeber – Free Sign Up Form and Landing Page Builder Plugin for Lead Generation and Email Newsletter Growth By AWeber <= 7.3.14 - Authenticated (Admin+) SQL Injection
https://notcve.org/view.php?id=CVE-2024-1793
29 Feb 2024 — The AWeber – Free Sign Up Form and Landing Page Builder Plugin for Lead Generation and Email Newsletter Growth plugin for WordPress is vulnerable to SQL Injection via the 'post_id' parameter in all versions up to, and including, 7.3.14 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing quer... • https://glimmer-handball-dae.notion.site/AWeber-Authenticated-SQLi-Admin-6e0d31c4a14c42f4996f9e201482d4cc?pvs=4 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-47757 – WordPress AWeber Plugin <= 7.3.9 is vulnerable to Broken Access Control
https://notcve.org/view.php?id=CVE-2023-47757
13 Nov 2023 — Missing Authorization, Cross-Site Request Forgery (CSRF) vulnerability in AWeber AWeber – Free Sign Up Form and Landing Page Builder Plugin for Lead Generation and Email Newsletter Growth allows Accessing Functionality Not Properly Constrained by ACLs, Cross-Site Request Forgery.This issue affects AWeber – Free Sign Up Form and Landing Page Builder Plugin for Lead Generation and Email Newsletter Growth: from n/a through 7.3.9. Autorización faltante, vulnerabilidad de Cross-Site Request Forgery (CSRF) en AWe... • https://patchstack.com/database/vulnerability/aweber-web-form-widget/wordpress-aweber-plugin-7-3-9-broken-access-control-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) CWE-862: Missing Authorization •