CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-9334 – Email Newsletter <= 20.15 - Unauthenticated SQL Injection
https://notcve.org/view.php?id=CVE-2015-9334
25 Jun 2015 — The email-newsletter plugin through 20.15 for WordPress has SQL injection. El plugin de boletín de correo electrónico hasta 20.15 para WordPress tiene inyección SQL The Email Newsletter plugin for WordPress is vulnerable to generic SQL Injection in versions up to, and including, 20.15 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already exist... • https://wordpress.org/plugins/email-newsletter/#developers • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.2EPSS: 1%CPEs: 1EXPL: 2CVE-2014-4939 – ENL Newsletter <= 1.0.1 - Authenticated (Admin+) SQL Injection
https://notcve.org/view.php?id=CVE-2014-4939
28 May 2014 — SQL injection vulnerability in the ENL Newsletter (enl-newsletter) plugin 1.0.1 for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via the id parameter in the enl-add-new page to wp-admin/admin.php. Vulnerabilidad de inyección SQL en el plugin ENL Newsletter (enl-newsletter) 1.0.1 para WordPress permite a administradores remotos autenticados ejecutar comandos SQL arbitrarios a través del parámetro id en la página enl-add-new en wp-admin/admin.php. • https://www.exploit-db.com/exploits/39253 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2013-10028 – EELV Newsletter Plugin lettreinfo.php style_newsletter cross site scripting
https://notcve.org/view.php?id=CVE-2013-10028
17 Apr 2013 — A vulnerability was found in EELV Newsletter Plugin 2.x on WordPress. It has been rated as problematic. Affected by this issue is the function style_newsletter of the file lettreinfo.php. The manipulation of the argument email leads to cross site scripting. The attack may be launched remotely. • https://github.com/wp-plugins/eelv-newsletter/commit/3339b42316c5edf73e56eb209b6a3bb3e868d6ed • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 5%CPEs: 1EXPL: 1CVE-2007-6301 – OpenNewsletter 2.5 - 'Compose.php' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2007-6301
10 Dec 2007 — Cross-site scripting (XSS) vulnerability in compose.php in OpenNewsletter 2.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the type parameter. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en compose.php de OpenNewsletter 2.5 y versiones anteriores permite a atacantes remotos inyectar scripts web o HTML de su elección a través del parámetro type. • https://www.exploit-db.com/exploits/30853 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.2EPSS: 1%CPEs: 2EXPL: 2CVE-2006-6786 – open NewsLetter 2.5 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2006-6786
28 Dec 2006 — Open Newsletter 2.5 and earlier allows remote authenticated administrators to execute arbitrary PHP code by inserting the code into the email parameter to (1) subscribe.php or (2) unsubscribe.php. Open Newsletter 2.5 y anteriores permite a administradores autenticados remotamente ejecutar código PHP de su elección insertando él código en el parámetro email de (1) subscribe.php o (2) unsubscribe.php. • https://www.exploit-db.com/exploits/2981 •
CVSS: 9.8EPSS: 8%CPEs: 2EXPL: 2CVE-2006-6785 – open NewsLetter 2.5 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2006-6785
28 Dec 2006 — The (1) settings.php and (2) subscribers.php scripts in Open Newsletter 2.5 and earlier do not exit when authentication fails, which allows remote attackers to perform unauthorized administrative actions, or execute arbitrary code in conjunction with another vulnerability. Las secuencias de comandos (1) settings.php y (2) subscribers.php en Open Newsletter 2.5 y anteriores no terminan cuando la autenticación falla, lo que permite a atacantes remotos ejecutar acciones administrativas no autorizadas, o ejecut... • https://www.exploit-db.com/exploits/2981 •