CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2018-0602 – Email Subscribers & Newsletters <= 3.4.12 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2018-0602
Cross-site scripting vulnerability in Email Subscribers & Newsletters versions prior to 3.5.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Una vulnerabilidad de tipo Cross-Site Scripting (XSS) en versiones anteriores a la 3.5.0 de Email Subscribers Newsletters permite a atacantes remotos inyectar scripts web o HTML arbitrarios utilizando vectores no especificados. • http://jvn.jp/en/jp/JVN16471686/index.html https://wordpress.org/plugins/email-subscribers/#developers https://wpvulndb.com/vulnerabilities/9101 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 69%CPEs: 1EXPL: 1CVE-2018-6015 – Email Subscribers & Newsletters <= 3.4.7 - Unauthenticated Subscriber Download
https://notcve.org/view.php?id=CVE-2018-6015
An issue was discovered in the "Email Subscribers & Newsletters" plugin before 3.4.8 for WordPress. Sending an HTTP POST request to a URI with /?es=export at the end, and adding option=view_all_subscribers in the body, allows downloading of a CSV data file with all subscriber data. Se ha descubierto un problema en el plugin "Email Subscribers Newsletters" en versiones anteriores a la 3.4.8 para WordPress. El envío de una petición HTTP POST a una URI con /? • https://blog.threatpress.com/vulnerability-email-subscribers-plugin https://wordpress.org/plugins/email-subscribers/#developers https://www.exploit-db.com/exploits/43872 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •