CVE-2017-18522 – EELV Newsletter < 4.6.1 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2017-18522
The eelv-newsletter plugin before 4.6.1 for WordPress has XSS in the address book. El plugin de boletín de noticias de eelv antes de 4.6.1 para WordPress tiene XSS en la libreta de direcciones. • https://wordpress.org/plugins/eelv-newsletter/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2017-18523 – EELV Newsletter <= 4.6.0 - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2017-18523
The eelv-newsletter plugin before 4.6.1 for WordPress has CSRF in the address book. El plugin de boletín de noticias de eelv antes de 4.6.1 para WordPress tiene CSRF en la libreta de direcciones. The EELV Newsletter plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.6.0. This is due to missing or incorrect nonce validation in the 'eelv-newsletter/trunk/lettreinfo.php' file. This makes it possible for unauthenticated attackers to gain otherwise restricted access to administrative actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. • https://wordpress.org/plugins/eelv-newsletter/#developers • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2013-10028 – EELV Newsletter Plugin lettreinfo.php style_newsletter cross site scripting
https://notcve.org/view.php?id=CVE-2013-10028
A vulnerability was found in EELV Newsletter Plugin 2.x on WordPress. It has been rated as problematic. Affected by this issue is the function style_newsletter of the file lettreinfo.php. The manipulation of the argument email leads to cross site scripting. The attack may be launched remotely. • https://github.com/wp-plugins/eelv-newsletter/commit/3339b42316c5edf73e56eb209b6a3bb3e868d6ed https://vuldb.com/?ctiid.230660 https://vuldb.com/?id.230660 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •