Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee
Vulnerability List
Clear Filters
Found 112 results
CVE IDTitleVendorProductSeverityCVSS ScorePublished AtAI Analysis
CVE-2024-44012 WordPress WP Newsletter Subscription plugin <= 1.1 - Local File Inclusion vulnerability wpdev33WP Newsletter Subscription High 7.5 2024-10-05 10:34:46 Deep Dive
CVE-2024-39657 WordPress Sender plugin <= 2.6.18 - Cross Site Request Forgery (CSRF) vulnerability SenderSender – Newsletter, SMS and Email Marketing Automation for WooCommerce Medium 4.3 2024-08-26 20:54:09 Deep Dive
CVE-2024-43287 WordPress Brevo plugin <= 3.1.82 - Cross Site Request Forgery (CSRF) vulnerability BrevoNewsletter, SMTP, Email marketing and Subscribe forms by Sendinblue Medium 4.3 2024-08-26 20:46:07 Deep Dive
CVE-2024-7384 AcyMailing <= 9.7.2 - Authenticated (Subscriber+) Arbitrary File Upload via acym_extractArchive Function acybaAcyMailing – An Ultimate Newsletter Plugin and Marketing Automation Solution for WordPress High 7.5 2024-08-22 02:02:02 Deep Dive
CVE-2024-43126 WordPress Sender – Newsletter, SMS and Email Marketing Automation for WooCommerce plugin <= 2.6.14 - Cross Site Scripting (XSS) vulnerability SenderSender – Newsletter, SMS and Email Marketing Automation for WooCommerce High 7.1 2024-08-12 22:34:23 Deep Dive
CVE-2024-37098 WordPress BlossomThemes Email Newsletter plugin <= 2.2.6 - Server Side Request Forgery (SSRF) vulnerability Blossom ThemesBlossomThemes Email Newsletter Medium 4.4 2024-06-26 10:54:17 Deep Dive
CVE-2024-3961 ConvertKit <= 2.4.9 - Missing Authorization convertkitKit (formerly ConvertKit) – Email Newsletter, Email Marketing, Membership, Subscribers and Landing Pages Medium 5.3 2024-06-21 03:49:00 Deep Dive
CVE-2024-5674 Newsletter - API v1 and v2 addon for Newsletter <= 2.4.5 - Missing Authorization to Email Subscribers Management The Newsletter TeamNewsletter - API v1 and v2 addon for Newsletter Medium 6.5 2024-06-12 11:05:09 Deep Dive
CVE-2024-5317 Newsletter <= 8.3.4 - Unauthenticated Stored Cross-Site Scripting via np1 satolloNewsletter – Send awesome emails from WordPress Medium 6.4 2024-06-05 01:56:30 Deep Dive
CVE-2024-35668 WordPress Newsletter, SMTP, Email marketing and Subscribe forms by Brevo plugin <= 3.1.77 - Reflected Cross Site Scripting (XSS) vulnerability BrevoNewsletter, SMTP, Email marketing and Subscribe forms by Sendinblue High 7.1 2024-06-04 13:48:46 Deep Dive
CVE-2024-30522 WordPress Newsletter plugin <= 8.2.0 - IP Blacklist Bypass vulnerability Stefano Lissa & The Newsletter TeamNewsletter Medium 5.3 2024-05-17 08:21:17 Deep Dive
CVE-2024-3642 Newsletter Popup <= 1.2 - Subscriber Deletion via CSRF UnknownNewsletter Popup--2024-05-16 06:00:03 Deep Dive
CVE-2024-3643 Newsletter Popup <= 1.2 - List Deletion via CSRF UnknownNewsletter Popup--2024-05-16 06:00:03 Deep Dive
CVE-2024-3644 Newsletter Popup <= 1.2 - Admin+ Stored XSS UnknownNewsletter Popup--2024-05-16 06:00:03 Deep Dive
CVE-2024-3641 Newsletter Popup <= 1.2 - Unauthenticated Stored XSS UnknownNewsletter Popup--2024-05-16 06:00:02 Deep Dive
CVE-2024-34823 WordPress Arigato Autoresponder and Newsletter plugin <= 2.7.2.3 - Cross Site Request Forgery (CSRF) vulnerability Kiboko LabsArigato Autoresponder and Newsletter Medium 4.3 2024-05-10 08:21:52 Deep Dive
CVE-2024-33944 WordPress WooCommerce AWeber Newsletter Subscription plugin <= 4.0.2 - Unauthenticated Access Token Change/Reset vulnerability KestrelWooCommerce AWeber Newsletter Subscription Medium 6.5 2024-05-02 11:26:49 Deep Dive
CVE-2024-3058 ENL Newsletter <= 1.0.1 - Stored XSS via CSRF UnknownENL Newsletter--2024-04-26 05:00:04 Deep Dive
CVE-2024-3059 ENL Newsletter <= 1.0.1 - Campaign Deletion via CSRF UnknownENL Newsletter--2024-04-26 05:00:04 Deep Dive
CVE-2024-3060 ENL Newsletter <= 1.0.1 - Admin+ SQL Injection UnknownENL Newsletter--2024-04-26 05:00:04 Deep Dive