Email Newsletter
by WordPress
CVEs (2)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-9334 | Cri | 0.64 | 9.8 | 0.02 | Aug 22, 2019 | The email-newsletter plugin through 20.15 for WordPress has SQL injection. | ||
| CVE-2024-13098 | Med | 0.35 | 5.4 | 0.01 | Feb 1, 2025 | The WordPress Email Newsletter WordPress plugin through 1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. |
- risk 0.64cvss 9.8epss 0.02
The email-newsletter plugin through 20.15 for WordPress has SQL injection.
- risk 0.35cvss 5.4epss 0.01
The WordPress Email Newsletter WordPress plugin through 1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.