CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2018-20853 – MailPoet Newsletters <= 2.8.1 - Spam Injection
https://notcve.org/view.php?id=CVE-2018-20853
An issue was discovered in the MailPoet Newsletters (aka wysija-newsletters) plugin before 2.8.2 for WordPress. The plugin is vulnerable to SPAM attacks. Se descubrió un problema en el plugin MailPoet Newsletters (también se conoce como wysija-newsletters) versiones anteriores a la versión 2.8.2 para WordPress. El plugin es vulnerable a los ataques de SPAM. • https://wordpress.org/plugins/wysija-newsletters/#developers • CWE-862: Missing Authorization •
CVSS: 6.8EPSS: 0%CPEs: 73EXPL: 0CVE-2014-3907 – MailPoet Newsletters (Previous) <= 2.6.10 - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2014-3907
Cross-site request forgery (CSRF) vulnerability in the MailPoet Newsletters (wysija-newsletters) plugin before 2.6.11 for WordPress allows remote attackers to hijack the authentication of arbitrary users. Vulnerabilidad de CSRF en el plugin MailPoet Newsletters (wysija-newsletters) anterior a 2.6.11 para WordPress permite a atacantes remotos secuestrar la autenticación de usuarios arbitrarios. • http://jvn.jp/en/jp/JVN94409737/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2014-000101 http://wordpress.org/plugins/wysija-newsletters/changelog • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.5EPSS: 0%CPEs: 70EXPL: 0CVE-2014-4726 – MailPoet Newsletters <= 2.6.7 - Authorization Bypass
https://notcve.org/view.php?id=CVE-2014-4726
Unspecified vulnerability in the MailPoet Newsletters (wysija-newsletters) plugin before 2.6.8 for WordPress has unspecified impact and attack vectors. Vulnerabilidad no especificada en el plugin MailPoet Newsletters (wysija-newsletters) anterior a 2.6.8 para WordPress tiene impacto y vectores de ataque no especificados. • http://www.openwall.com/lists/oss-security/2014/07/08/7 https://wordpress.org/plugins/wysija-newsletters/changelog • CWE-639: Authorization Bypass Through User-Controlled Key •