CVE-2020-5768 – Icegram Email Subscribers & Newsletters <= 4.5.0 - Authenticated SQL Injection
https://notcve.org/view.php?id=CVE-2020-5768
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in Icegram Email Subscribers & Newsletters Plugin for WordPress v4.4.8 allows a remote, authenticated attacker to determine the value of database fields.
Reference: https://www.tenable.com/security/research/tra-2020-44-0
Weakness: CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2020-5767 – Icegram Email Subscribers & Newsletters Plugin for WordPress <= 4.5.0 - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2020-5767
Cross-site request forgery in Icegram Email Subscribers & Newsletters Plugin for WordPress v4.4.8 allows a remote attacker to send forged emails by tricking legitimate users into clicking a crafted link. Cross-site request forgery in Icegram Email Subscribers & Newsletters Plugin for WordPress v4.5.0 allows a remote attacker to send forged emails by tricking legitimate users into clicking a crafted link.
Reference: https://www.tenable.com/security/research/tra-2020-44-0
Weakness: CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2019-19980 – Email Subscribers & Newsletters <= 4.2.2 - Missing Authorization to Test Email
https://notcve.org/view.php?id=CVE-2019-19980
The WordPress plugin, Email Subscribers & Newsletters, before 4.2.3 had a privilege bypass flaw that allowed authenticated users (Subscriber or greater access) to send test emails from the administrative dashboard on behalf of an administrator. This occurs because the plugin registers a wp_ajax function to send_test_email.
References: https://wpvulndb.com/vulnerabilities/9946
https://www.wordfence.com/blog/2019/11/multiple-vulnerabilities-patched-in-email-subscribers-newsletters-plugin
Weakness: CWE-305: Authentication Bypass by Primary Weakness
CVE-2019-19981 – Email Subscribers & Newsletters <= 4.2.2 - Cross-Site Request Forgery on Settings
https://notcve.org/view.php?id=CVE-2019-19981
The WordPress plugin, Email Subscribers & Newsletters, before 4.2.3 had a flaw that allowed CSRF to be exploited on all plugin settings.
References: https://wpvulndb.com/vulnerabilities/9946
https://www.wordfence.com/blog/2019/11/multiple-vulnerabilities-patched-in-email-subscribers-newsletters-plugin
Weakness: CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2019-19984 – Email Subscribers & Newsletters <= 4.2.2 - Missing Authorization
https://notcve.org/view.php?id=CVE-2019-19984
The WordPress plugin, Email Subscribers & Newsletters, before 4.2.3 had a flaw that allowed users with edit_post capabilities to manage plugin settings and email campaigns.
References: https://wpvulndb.com/vulnerabilities/9946
https://www.wordfence.com/blog/2019/11/multiple-vulnerabilities-patched-in-email-subscribers-newsletters-plugin
Weakness: CWE-863: Incorrect Authorization