CVEs (25)
CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS |
|---|
1Icegram 1Email Subscribers & Newsletters Nov 21, 2024 Dec 26, 2019 N/A· v4 5.4 MEDIUM· v3 4.3 MEDIUM· v2 The WordPress plugin, Email Subscribers & Newsletters, before 4.2.3 had a flaw that allowed for CSRF to be exploited on all plugin settings. |
1Icegram 1Email Subscribers & Newsletters Nov 21, 2024 Dec 26, 2019 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 The WordPress plugin, Email Subscribers & Newsletters, before 4.2.3 had a privilege bypass flaw that allowed authenticated users (Subscriber or greater access) to send test emails from the administrative dashboard on beh...Show more |
1Icegram 1Email Subscribers & Newsletters Nov 21, 2024 Jul 28, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 An XSS vulnerability in the "Email Subscribers & Newsletters" plugin 4.1.6 for WordPress allows an attacker to inject malicious JavaScript code through a publicly available subscription form using the esfpx_name wp-admin...Show more |
1Icegram 1Email Subscribers & Newsletters Nov 21, 2024 Jul 19, 2019 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 A SQL injection vulnerability exists in the Icegram Email Subscribers & Newsletters plugin through 4.1.7 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL...Show more |
1Icegram 1Email Subscribers & Newsletters Nov 21, 2024 Jan 26, 2018 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An issue was discovered in the "Email Subscribers & Newsletters" plugin before 3.4.8 for WordPress. Sending an HTTP POST request to a URI with /?es=export at the end, and adding option=view_all_subscribers in the body, a...Show more |