Newsletter Popup

newsletter_popup

Vendor: Mndpsingh287 • 4 CVEs

CVEs (4)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-3644 1Mndpsingh287 1Newsletter Popup Jun 17, 2026 May 16, 2024 N/A· v4 4.8 MEDIUM· v3 N/A· v2 The Newsletter Popup WordPress plugin through 1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfil...Show more The Newsletter Popup WordPress plugin through 1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)Show less
CVE-2024-3643 1Mndpsingh287 1Newsletter Popup Jun 17, 2026 May 16, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 The Newsletter Popup WordPress plugin through 1.2 does not have CSRF check when deleting list, which could allow attackers to make logged in admins perform such action via a CSRF attack
CVE-2024-3642 1Mndpsingh287 1Newsletter Popup Jun 17, 2026 May 16, 2024 N/A· v4 6.9 MEDIUM· v3 N/A· v2 The Newsletter Popup WordPress plugin through 1.2 does not have CSRF check when deleting subscriber, which could allow attackers to make logged in admins perform such action via a CSRF attack
CVE-2024-3641 1Mndpsingh287 1Newsletter Popup Jun 17, 2026 May 16, 2024 N/A· v4 6.1 MEDIUM· v3 N/A· v2 The Newsletter Popup WordPress plugin through 1.2 does not sanitise and escape some parameters, which could allow unauthenticated visitors to perform Cross-Site Scripting attacks against admins