VYPR

Plugin Newsletter Plugin

by WordPress

CVEs (7)

  • CVE-2024-3643 | High | May 16, 2024
    risk 0.57 | cvss 8.8 | epss 0.00

    The Newsletter Popup WordPress plugin through 1.2 does not have a CSRF check when deleting a list, which could allow attackers to make logged-in admins perform such an action via a CSRF attack

  • CVE-2024-3642 | Medium | May 16, 2024
    risk 0.45 | cvss 6.9 | epss 0.00

    The Newsletter Popup WordPress plugin through 1.2 does not have a CSRF check when deleting a subscriber, which could allow attackers to make logged-in admins perform such an action via a CSRF attack

  • CVE-2024-3641 | Medium | May 16, 2024
    risk 0.40 | cvss 6.1 | epss 0.00

    The Newsletter Popup WordPress plugin through 1.2 does not sanitise and escape some parameters, which could allow unauthenticated visitors to perform Cross-Site Scripting attacks against admins

  • CVE-2021-25033 | Medium | Feb 14, 2022
    risk 0.33 | cvss 6.1 | epss 0.03

    The WordPress Newsletter Plugin WordPress plugin before 1.6.5 does not validate the to parameter before redirecting the user to its given value, leading to an open redirect issue

  • CVE-2024-3644 | Medium | May 16, 2024
    risk 0.31 | cvss 4.8 | epss 0.00

    The Newsletter Popup WordPress plugin through 1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in…

  • CVE-2022-1889 | Medium | Jun 20, 2022
    risk 0.31 | cvss 4.8 | epss 0.01

    The Newsletter WordPress plugin before 7.4.6 does not escape and sanitise the preheader_text setting, which could allow high privilege users to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed

  • CVE-2012-3588 | Jun 19, 2012
    risk 0.04 | cvss | epss 0.11

    Directory traversal vulnerability in preview.php in the Plugin Newsletter plugin 1.5 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the data parameter.