CVE-2024-31352 – WordPress Icegram Express plugin <= 5.7.13 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-31352
Missing Authorization vulnerability in Email Subscribers & Newsletters. This issue affects Email Subscribers & Newsletters: from n/a through 5.7.13. The Email Subscribers & Newsletters plugin for WordPress is vulnerable to unauthorized access due to a missing capability check in versions up to, and including, 5.7.13. This makes it possible for unauthenticated attackers to perform an unauthorized action. • https://patchstack.com/database/vulnerability/email-subscribers/wordpress-icegram-express-plugin-5-7-13-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization
CVE-2024-22300 – WordPress Icegram Express plugin <= 5.7.11 - Reflected Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-22300
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Icegram Email Subscribers & Newsletters allows Reflected XSS. This issue affects Email Subscribers & Newsletters: from n/a through 5.7.11. The Email Subscribers & Newsletters plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'campaign_id' parameter in versions up to, and including, 5.7.11 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. • https://patchstack.com/database/vulnerability/email-subscribers/wordpress-icegram-express-plugin-5-7-11-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-0602 – Email Subscribers & Newsletters <= 3.4.12 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2018-0602
Cross-site scripting vulnerability in Email Subscribers & Newsletters versions prior to 3.5.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. • http://jvn.jp/en/jp/JVN16471686/index.html • https://wordpress.org/plugins/email-subscribers/#developers • https://wpvulndb.com/vulnerabilities/9101 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')