CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-37098 – WordPress BlossomThemes Email Newsletter plugin <= 2.2.6 - Server Side Request Forgery (SSRF) vulnerability
https://notcve.org/view.php?id=CVE-2024-37098
20 Jun 2024 — Server-Side Request Forgery (SSRF) vulnerability in Blossom Themes BlossomThemes Email Newsletter.This issue affects BlossomThemes Email Newsletter: from n/a through 2.2.6. Vulnerabilidad de Server Side Request Forgery (SSRF) en Blossom Themes BlossomThemes Email Newsletter. Este problema afecta a BlossomThemes Email Newsletter: desde n/a hasta 2.2.6. The BlossomThemes Email Newsletter plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.2.6. This makes i... • https://patchstack.com/database/vulnerability/blossomthemes-email-newsletter/wordpress-blossomthemes-email-newsletter-plugin-2-2-7-server-side-request-forgery-ssrf-vulnerability?_s_id=cve • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 6.5EPSS: 1%CPEs: 1EXPL: 0CVE-2024-5674 – Newsletter - API v1 and v2 addon for Newsletter <= 2.4.5 - Missing Authorization to Email Subscribers Management
https://notcve.org/view.php?id=CVE-2024-5674
11 Jun 2024 — The Newsletter - API v1 and v2 addon plugin for WordPress is vulnerable to unauthorized subscribers management due to PHP type juggling issue on the check_api_key function in all versions up to, and including, 2.4.5. This makes it possible for unauthenticated attackers to list, create or delete newsletter subscribers. This issue affects only sites running the PHP version below 8.0 El complemento Newsletter - API v1 y v2 para WordPress es vulnerable a la administración de suscriptores no autorizados debido a... • https://www.thenewsletterplugin.com/documentation/developers/newsletter-api-2 • CWE-862: Missing Authorization •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-33944 – WordPress WooCommerce AWeber Newsletter Subscription plugin <= 4.0.2 - Unauthenticated Access Token Change/Reset vulnerability
https://notcve.org/view.php?id=CVE-2024-33944
30 Apr 2024 — Missing Authorization vulnerability in Kestrel WooCommerce AWeber Newsletter Subscription.This issue affects WooCommerce AWeber Newsletter Subscription: from n/a through 4.0.2. Vulnerabilidad de autorización faltante en Kestrel WooCommerce AWeber Newsletter Subscription. Este problema afecta la suscripción al boletín WooCommerce AWeber: desde n/a hasta 4.0.2. The WooCommerce AWeber Newsletter Subscription plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability che... • https://patchstack.com/database/vulnerability/woocommerce-aweber-newsletter-subscription/wordpress-woocommerce-aweber-newsletter-subscription-plugin-4-0-1-unauthenticated-access-token-change-reset-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32807 – WordPress Brevo for WooCommerce plugin <= 4.0.17 - Arbitrary File Download and Deletion vulnerability
https://notcve.org/view.php?id=CVE-2024-32807
22 Apr 2024 — Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Brevo Sendinblue for WooCommerce allows Relative Path Traversal, Manipulating Web Input to File System Calls.This issue affects Sendinblue for WooCommerce: from n/a through 4.0.17. Limitación inadecuada de una vulnerabilidad de nombre de ruta a un directorio restringido ("Path Traversal") en Brevo para WooCommerce Sendinblue para WooCommerce. Este problema afecta a Sendinblue para WooCommerce: desde n/a hasta 4.0... • https://patchstack.com/database/vulnerability/woocommerce-sendinblue-newsletter-subscription/wordpress-brevo-for-woocommerce-plugin-4-0-17-arbitrary-file-download-and-deletion-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-31434 – WordPress Newsletter plugin <= 8.0.6 - Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2024-31434
10 Apr 2024 — Cross-Site Request Forgery (CSRF) vulnerability in Stefano Lissa & The Newsletter Team Newsletter.This issue affects Newsletter: from n/a through 8.0.6. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Stefano Lissa y The Newsletter Team Newsletter. Este problema afecta a Newsletter: desde n/a hasta 8.0.6. The Newsletter plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 8.0.6. This is due to missing or incorrect nonce validation in the main/welcome.php ... • https://patchstack.com/database/vulnerability/newsletter/wordpress-newsletter-plugin-8-0-6-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-31110 – WordPress Contact Form 7 Newsletter plugin <= 2.2 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-31110
29 Mar 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Katz Web Services, Inc. Contact Form 7 Newsletter allows Reflected XSS.This issue affects Contact Form 7 Newsletter: from n/a through 2.2. Neutralización inadecuada de la entrada durante la vulnerabilidad de generación de páginas web ('Cross-site Scripting') en Contact Form 7 Newsletter para WordPress de Katz Web Services, Inc. permite XSS reflejado. Este problema afecta el boletín del Formulario de contact... • https://patchstack.com/database/vulnerability/contact-form-7-newsletter/wordpress-contact-form-7-newsletter-plugin-2-2-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-30522 – WordPress Newsletter plugin <= 8.2.0 - IP Blacklist Bypass vulnerability
https://notcve.org/view.php?id=CVE-2024-30522
28 Mar 2024 — Authentication Bypass by Spoofing vulnerability in Stefano Lissa & The Newsletter Team Newsletter allows Functionality Bypass.This issue affects Newsletter: from n/a through 8.2.0. Vulnerabilidad de omisión de autenticación mediante suplantación de identidad en Stefano Lissa & The Newsletter Team Newsletter permite la omisión de funcionalidad. Este problema afecta a Newsletter: desde n/a hasta 8.2.0. The Newsletter – Send awesome emails from WordPress plugin for WordPress is vulnerable to IP Address Spo... • https://patchstack.com/database/vulnerability/newsletter/wordpress-newsletter-plugin-8-2-0-ip-blacklist-bypass-vulnerability?_s_id=cve • CWE-290: Authentication Bypass by Spoofing CWE-348: Use of Less Trusted Source •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-47849 – WordPress BlossomThemes Email Newsletter plugin <= 2.2.4 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2023-47849
20 Nov 2023 — Missing Authorization vulnerability in blossomthemes BlossomThemes Email Newsletter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BlossomThemes Email Newsletter: from n/a through 2.2.4. The BlossomThemes Email Newsletter plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the bten_get_mailing_list function in versions up to, and including, 2.2.4. This makes it possible for unauthenticated attackers to obtain a ma... • https://patchstack.com/database/wordpress/plugin/blossomthemes-email-newsletter/vulnerability/wordpress-blossomthemes-email-newsletter-plugin-2-2-4-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-41664 – WordPress Easy Newsletter Signups plugin <= 1.0.4 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2023-41664
01 Sep 2023 — Missing Authorization vulnerability in AlphaBPO Easy Newsletter Signups allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Newsletter Signups: from n/a through 1.0.4. The Easy Newsletter Signups plugin for WordPress is vulnerable to unauthorized modification and disclosure of data due to a missing capability check on the wpesn_ltable_process_bulk_action() function hooked via admin_init in versions up to, and including, 1.0.4. This makes it possible for unauthenti... • https://patchstack.com/database/wordpress/plugin/easy-newsletter-signups/vulnerability/wordpress-easy-newsletter-signups-plugin-1-0-4-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2023-0733 – Newsletter Popup <= 1.2 - Unauthenticated Stored XSS
https://notcve.org/view.php?id=CVE-2023-0733
02 May 2023 — The Newsletter Popup WordPress plugin through 1.2 does not sanitise and escape some of its settings, which could allow unauthenticated users to perform Stored Cross-Site Scripting attacks The Newsletter Popup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘nl_data’ parameter in versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute... • https://wpscan.com/vulnerability/fed1e184-ff56-44fe-9876-d17c0156447a • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •