Page 2 of 17 results (0.013 seconds)

CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 1

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in Icegram Email Subscribers & Newsletters Plugin for WordPress v4.4.8 allows a remote, authenticated attacker to determine the value of database fields. Una Neutralización inapropiada de elementos especiales usados en un comando SQL ("SQL Injection") en Icegram Email Subscribers & Newsletters Plugin para WordPress versión v4.4.8, permite a un atacante autenticado remoto determinar el valor de los campos de la base de datos • https://www.tenable.com/security/research/tra-2020-44-0 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1

Cross-site request forgery in Icegram Email Subscribers & Newsletters Plugin for WordPress v4.4.8 allows a remote attacker to send forged emails by tricking legitimate users into clicking a crafted link. Una vulnerabilidad Cross-site request forgery en Icegram Email Subscribers & Newsletters Plugin para WordPress versión v4.4.8, permite a un atacante remoto enviar correos electrónicos falsificados al engañar a usuarios legítimos para que hagan clic en un enlace diseñado Cross-site request forgery in Icegram Email Subscribers & Newsletters Plugin for WordPress v4.5.0 allows a remote attacker to send forged emails by tricking legitimate users into clicking a crafted link. • https://www.tenable.com/security/research/tra-2020-44-0 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1

The WordPress plugin, Email Subscribers & Newsletters, before 4.2.3 had a privilege bypass flaw that allowed authenticated users (Subscriber or greater access) to send test emails from the administrative dashboard on behalf of an administrator. This occurs because the plugin registers a wp_ajax function to send_test_email. El plugin de WordPress, Email Subscribers & Newsletters, versiones anteriores a 4.2.3, presentó un fallo de omisión de privilegios que permitía a usuarios autenticados (Suscriptor o acceso superior) enviar correos electrónicos de prueba desde el panel administrativo en nombre de un administrador. Esto se presenta porque el plugin registra una función wp_ajax en send_test_email. • https://wpvulndb.com/vulnerabilities/9946 https://www.wordfence.com/blog/2019/11/multiple-vulnerabilities-patched-in-email-subscribers-newsletters-plugin • CWE-305: Authentication Bypass by Primary Weakness •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1

The WordPress plugin, Email Subscribers & Newsletters, before 4.2.3 had a flaw that allowed for CSRF to be exploited on all plugin settings. El plugin de WordPress, Email Subscribers & Newsletters, versiones anteriores a 4.2.3, presentó un fallo que permitía que una vulnerabilidad de tipo CSRF sea explotada en todas las configuraciones del plugin. • https://wpvulndb.com/vulnerabilities/9946 https://www.wordfence.com/blog/2019/11/multiple-vulnerabilities-patched-in-email-subscribers-newsletters-plugin • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1

The WordPress plugin, Email Subscribers & Newsletters, before 4.2.3 had a flaw that allowed users with edit_post capabilities to manage plugin settings and email campaigns. El plugin de WordPress, Email Subscribers & Newsletters, versiones anteriores a 4.2.3, presentó un fallo que permitía a usuarios con capacidades edit_post administrar la configuración del plugin y las campañas de correo electrónico. • https://wpvulndb.com/vulnerabilities/9946 https://www.wordfence.com/blog/2019/11/multiple-vulnerabilities-patched-in-email-subscribers-newsletters-plugin • CWE-863: Incorrect Authorization •