
CVE-2025-23602 – WordPress EELV Newsletter plugin <= 4.8.2 - Reflected Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2025-23602
16 Jan 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound EELV Newsletter allows Reflected XSS. This issue affects EELV Newsletter: from n/a through 4.8.2. The EELV Newsletter plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 4.8.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if ... • https://patchstack.com/database/wordpress/plugin/eelv-newsletter/vulnerability/wordpress-eelv-newsletter-plugin-4-8-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-54430 – WordPress EELV Newsletter plugin <= 4.8.2 - Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2024-54430
12 Dec 2024 — Cross-Site Request Forgery (CSRF) vulnerability in Bastien Ho EELV Newsletter allows Cross Site Request Forgery. This issue affects EELV Newsletter: from n/a through 4.8.2. The EELV Newsletter plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.8.2. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform an unauthorized action via a forged request granted they can trick a site administ... • https://patchstack.com/database/wordpress/plugin/eelv-newsletter/vulnerability/wordpress-eelv-newsletter-plugin-4-8-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •

CVE-2017-18523 – EELV Newsletter <= 4.6.0 - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2017-18523
18 May 2017 — The eelv-newsletter plugin before 4.6.1 for WordPress has CSRF in the address book. The EELV Newsletter plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.6.0. This is due to missing or incorrect nonce validation in the 'eelv-newsletter/trunk/lettreinfo.php' file. This makes it possible for unauthenticated attackers to gain otherwise restricted acc... • https://wordpress.org/plugins/eelv-newsletter/#developers • CWE-352: Cross-Site Request Forgery (CSRF) •

CVE-2017-18522 – EELV Newsletter < 4.6.1 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2017-18522
18 May 2017 — The eelv-newsletter plugin before 4.6.1 for WordPress has XSS in the address book. • https://wordpress.org/plugins/eelv-newsletter/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2013-10028 – EELV Newsletter Plugin lettreinfo.php style_newsletter cross site scripting
https://notcve.org/view.php?id=CVE-2013-10028
17 Apr 2013 — A vulnerability was found in EELV Newsletter Plugin 2.x on WordPress. It has been rated as problematic. Affected by this issue is the function style_newsletter of the file lettreinfo.php. The manipulation of the argument email leads to cross site scripting. The attack may be launched remotely. • https://github.com/wp-plugins/eelv-newsletter/commit/3339b42316c5edf73e56eb209b6a3bb3e868d6ed • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •