CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2023-41736 – WordPress Email posts to subscribers Plugin <= 6.2 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-41736
05 Sep 2023 — Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy Email posts to subscribers plugin <= 6.2 versions. Vulnerabilidad de Coss-Site Scripting (XSS) autenticada (con permisos de admin o superiores) almacenada en el complemento Gopi Ramasamy Email posts to subscribers en versiones <= 6.2. The Email posts to subscribers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 6.2 due to insufficient input sanitization a... • https://patchstack.com/database/vulnerability/email-posts-to-subscribers/wordpress-email-posts-to-subscribers-plugin-6-2-cross-site-scripting-xss?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2023-40677 – WordPress Vertical Marquee Plugin Plugin <= 7.1 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-40677
22 Aug 2023 — Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy Vertical marquee plugin <= 7.1 versions. Vulnerabilidad de Coss-Site Scripting (XSS) autenticada (con permisos de admin o superiores) almacenada en el complemento de Gopi Ramasamy Vertical marquee en versiones <=7.1. The Vertical Marquee Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the admin settings in versions up to, and including, 7.1 due to insufficient input sanitization and output escapin... • https://patchstack.com/database/vulnerability/vertical-marquee-plugin/wordpress-vertical-marquee-plugin-plugin-7-1-cross-site-scripting-xss?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-25463 – WordPress wp tell a friend popup form Plugin <= 7.1 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-25463
26 Jul 2023 — Cross-Site Request Forgery (CSRF) vulnerability in Gopi Ramasamy WP tell a friend popup form plugin <= 7.1 versions. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Gopi Ramasamy en el complemento Gopi Ramasamy WP tell a friend popup form en versiones <= 7.1. The wp tell a friend popup form plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 7.1. This is due to missing or incorrect nonce validation on the 'TellAFriend_admin' function. This makes ... • https://patchstack.com/database/vulnerability/wp-tell-a-friend-popup-form/wordpress-wp-tell-a-friend-popup-form-plugin-7-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2023-25465 – WordPress wp tell a friend popup form Plugin <= 7.1 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-25465
26 Jul 2023 — Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy wp tell a friend popup form plugin <= 7.1 versions. Vulnerabilidad de Coss-Site Scripting (XSS) autenticada (con permisos de admin o superiores) almacenada en el plugin Gopi Ramasamy wp tell a friend popup form en versiones inferiores e incluyendo la 7.1. The wp tell a friend popup form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings versions up to, and including, 7.1 due to insufficient inpu... • https://patchstack.com/database/vulnerability/wp-tell-a-friend-popup-form/wordpress-wp-tell-a-friend-popup-form-plugin-7-1-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-36523 – WordPress Email download link Plugin <= 3.7 is vulnerable to Sensitive Data Exposure
https://notcve.org/view.php?id=CVE-2023-36523
27 Jun 2023 — Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Gopi Ramasamy Email download link.This issue affects Email download link: from n/a through 3.7. Exposición de información confidencial a una vulnerabilidad de actor no autorizado en el enlace de descarga del correo electrónico de Gopi Ramasamy. Este problema afecta el enlace de descarga del correo electrónico: desde n/a hasta 3.7. The Email download link plugin for WordPress is vulnerable to Sensitive Information Exposure in version... • https://patchstack.com/database/vulnerability/email-download-link/wordpress-email-download-link-plugin-3-7-sensitive-data-exposure?_s_id=cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-46818 – WordPress Email posts to subscribers Plugin <= 6.2 is vulnerable to SQL Injection
https://notcve.org/view.php?id=CVE-2022-46818
19 Apr 2023 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Gopi Ramasamy Email posts to subscribers allows SQL Injection.This issue affects Email posts to subscribers: from n/a through 6.2. La neutralización incorrecta de elementos especiales utilizados en una vulnerabilidad de comando SQL ('inyección SQL') en las publicaciones Gopi Ramasamy Email a los suscriptores permite la inyección de SQL. Este problema afecta las publicaciones de correo electrónico a los susc... • https://patchstack.com/database/vulnerability/email-posts-to-subscribers/wordpress-email-posts-to-subscribers-plugin-6-2-sql-injection?_s_id=cve • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2022-46819 – WordPress Continuous announcement scroller Plugin <= 13.0 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2022-46819
19 Apr 2023 — Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy Continuous announcement scroller plugin <= 13.0 versions. The Continuous announcement scroller plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin settings in versions up to, and including, 13.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will ex... • https://patchstack.com/database/vulnerability/continuous-announcement-scroller/wordpress-continuous-announcement-scroller-plugin-13-0-cross-site-scripting-xss?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2023-24418 – WordPress Tiny carousel horizontal slider plus Plugin <= 3.2 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-24418
06 Apr 2023 — Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy Tiny carousel horizontal slider plus plugin <= 3.2 versions. The Tiny carousel horizontal slider plus plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers , with administrator-level access and above, to inject arbitrary web scripts in pages that will ... • https://patchstack.com/database/vulnerability/tiny-carousel-horizontal-slider-plus/wordpress-tiny-carousel-horizontal-slider-plus-plugin-3-2-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •