CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-43279 – WordPress Newsletters plugin <= 4.9.8 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-43279
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Tribulant Newsletters allows Reflected XSS.This issue affects Newsletters: from n/a through 4.9.8. The Newsletters plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 4.9.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. • https://patchstack.com/database/vulnerability/newsletters-lite/wordpress-newsletters-plugin-4-9-8-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-35718 – WordPress Newsletters plugin <= 4.9.5 - Reflected Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-35718
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Tribulant Newsletters allows Reflected XSS.This issue affects Newsletters: from n/a through 4.9.5. La vulnerabilidad de neutralización inadecuada de la entrada durante la generación de páginas web (XSS o 'Cross-site Scripting') en Tribulant Newsletters permite el XSS reflejado. Este problema afecta a los boletines: desde n/a hasta 4.9.5. The Newsletters plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 4.9.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. • https://patchstack.com/database/vulnerability/newsletters-lite/wordpress-newsletters-plugin-4-9-5-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32954 – WordPress Newsletters plugin <= 4.9.5 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-32954
Unrestricted Upload of File with Dangerous Type vulnerability in Tribulant Newsletters.This issue affects Newsletters: from n/a through 4.9.5. Carga sin restricciones de archivos con vulnerabilidad de tipo peligroso en Tribulant Newsletters. Este problema afecta a Newsletters: desde n/a hasta 4.9.5. The Newsletters plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 4.9.5. This makes it possible for authenticated attackers, with administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://patchstack.com/database/vulnerability/newsletters-lite/wordpress-newsletters-plugin-4-9-5-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32953 – WordPress Newsletters plugin <= 4.9.5 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2024-32953
Insertion of Sensitive Information into Log File vulnerability in Newsletters.This issue affects Newsletters: from n/a through 4.9.5. Vulnerabilidad de inserción de información confidencial en un archivo de registro en Newsletters. Este problema afecta a Newsletters: desde n/a hasta 4.9.5. The Newsletters plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.9.5. This makes it possible for unauthenticated attackers to extract potentially sensitive information from log files. • https://patchstack.com/database/vulnerability/newsletters-lite/wordpress-newsletters-plugin-4-9-5-sensitive-data-exposure-vulnerability?_s_id=cve • CWE-532: Insertion of Sensitive Information into Log File •