CVE-2024-11195
- EPSS 0.27%
- Veröffentlicht 19.11.2024 11:15:05
- Zuletzt bearbeitet 09.07.2025 18:36:54
The Email Subscription Popup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's print_email_subscribe_form shortcode in all versions up to, and including, 1.2.22 due to insufficient input sanitization and output escapi...
CVE-2024-27960
- EPSS 0.08%
- Veröffentlicht 17.03.2024 17:15:07
- Zuletzt bearbeitet 27.02.2025 03:34:34
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in I Thirteen Web Solution Email Subscription Popup allows Stored XSS.This issue affects Email Subscription Popup: from n/a through 1.2.20.
CVE-2023-6555
- EPSS 0.37%
- Veröffentlicht 08.01.2024 19:15:10
- Zuletzt bearbeitet 18.06.2025 17:15:27
The Email Subscription Popup WordPress plugin before 1.2.20 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
CVE-2023-6527
- EPSS 0.71%
- Veröffentlicht 06.12.2023 05:15:10
- Zuletzt bearbeitet 21.11.2024 08:44:02
The Email Subscription Popup plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the HTTP_REFERER header in all versions up to, and including, 1.2.18 due to insufficient input sanitization and output escaping. This makes it possi...
CVE-2023-30489
- EPSS 0.43%
- Veröffentlicht 14.08.2023 15:15:11
- Zuletzt bearbeitet 21.11.2024 08:00:16
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution Email Subscription Popup plugin <= 1.2.16 versions.