CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-18523 – EELV Newsletter <= 4.6.0 - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2017-18523
18 May 2017 — The eelv-newsletter plugin before 4.6.1 for WordPress has CSRF in the address book. El plugin de boletín de noticias de eelv antes de 4.6.1 para WordPress tiene CSRF en la libreta de direcciones. The EELV Newsletter plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.6.0. This is due to missing or incorrect nonce validation in the 'eelv-newsletter/trunk/lettreinfo.php' file. This makes it possible for unauthenticated attackers to gain otherwise restricted acc... • https://wordpress.org/plugins/eelv-newsletter/#developers • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-18522 – EELV Newsletter < 4.6.1 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2017-18522
18 May 2017 — The eelv-newsletter plugin before 4.6.1 for WordPress has XSS in the address book. El plugin de boletín de noticias de eelv antes de 4.6.1 para WordPress tiene XSS en la libreta de direcciones. • https://wordpress.org/plugins/eelv-newsletter/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2013-10028 – EELV Newsletter Plugin lettreinfo.php style_newsletter cross site scripting
https://notcve.org/view.php?id=CVE-2013-10028
17 Apr 2013 — A vulnerability was found in EELV Newsletter Plugin 2.x on WordPress. It has been rated as problematic. Affected by this issue is the function style_newsletter of the file lettreinfo.php. The manipulation of the argument email leads to cross site scripting. The attack may be launched remotely. • https://github.com/wp-plugins/eelv-newsletter/commit/3339b42316c5edf73e56eb209b6a3bb3e868d6ed • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •