NotCVE - vendor:"Sendpulse Email Marketing Newsletter"

2 results (0.001 seconds)

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2025-47547 – WordPress SendPulse Email Marketing Newsletter <= 2.1.6 - Cross Site Scripting (XSS) Vulnerability

https://notcve.org/view.php?id=CVE-2025-47547

07 May 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SendPulse SendPulse Email Marketing Newsletter allows Stored XSS. This issue affects SendPulse Email Marketing Newsletter: from n/a through 2.1.6. The SendPulse Email Marketing Newsletter plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with... • https://patchstack.com/database/wordpress/plugin/sendpulse-email-marketing-newsletter/vulnerability/wordpress-sendpulse-email-marketing-newsletter-2-1-6-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2025-22662 – WordPress SendPulse Email Marketing Newsletter plugin <= 2.1.5 - Cross Site Scripting (XSS) vulnerability

https://notcve.org/view.php?id=CVE-2025-22662

03 Feb 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SendPulse SendPulse Email Marketing Newsletter allows Stored XSS. This issue affects SendPulse Email Marketing Newsletter: from n/a through 2.1.5. The SendPulse Email Marketing Newsletter plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.1.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with... • https://patchstack.com/database/wordpress/plugin/sendpulse-email-marketing-newsletter/vulnerability/wordpress-sendpulse-email-marketing-newsletter-plugin-2-1-5-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •