CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-37098 – WordPress BlossomThemes Email Newsletter plugin <= 2.2.6 - Server Side Request Forgery (SSRF) vulnerability
https://notcve.org/view.php?id=CVE-2024-37098
Server-Side Request Forgery (SSRF) vulnerability in Blossom Themes BlossomThemes Email Newsletter.This issue affects BlossomThemes Email Newsletter: from n/a through 2.2.6. Vulnerabilidad de Server Side Request Forgery (SSRF) en Blossom Themes BlossomThemes Email Newsletter. Este problema afecta a BlossomThemes Email Newsletter: desde n/a hasta 2.2.6. The BlossomThemes Email Newsletter plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.2.6. This makes it possible for authenticated attackers, with administrator-level access and above, to make web requests to arbitrary locations originating from the web application which can be used to query and modify information from internal services. • https://patchstack.com/database/vulnerability/blossomthemes-email-newsletter/wordpress-blossomthemes-email-newsletter-plugin-2-2-7-server-side-request-forgery-ssrf-vulnerability?_s_id=cve • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-47849 – BlossomThemes Email Newsletter <= 2.2.4 - Missing Authorization
https://notcve.org/view.php?id=CVE-2023-47849
The BlossomThemes Email Newsletter plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the bten_get_mailing_list function in versions up to, and including, 2.2.4. This makes it possible for unauthenticated attackers to obtain a mailing list. • CWE-862: Missing Authorization •