CVE-2024-13313
- EPSS 0.03%
- Veröffentlicht 15.05.2025 20:15:38
- Zuletzt bearbeitet 10.06.2025 12:01:55
The AWeber WordPress plugin through 7.3.20 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed ...
CVE-2024-1793
- EPSS 0.64%
- Veröffentlicht 13.03.2024 16:15:27
- Zuletzt bearbeitet 21.11.2024 08:51:20
The AWeber – Free Sign Up Form and Landing Page Builder Plugin for Lead Generation and Email Newsletter Growth plugin for WordPress is vulnerable to SQL Injection via the 'post_id' parameter in all versions up to, and including, 7.3.14 due to insuffi...
CVE-2023-47757
- EPSS 0.11%
- Veröffentlicht 17.11.2023 09:15:23
- Zuletzt bearbeitet 21.11.2024 08:30:45
Missing Authorization, Cross-Site Request Forgery (CSRF) vulnerability in AWeber AWeber – Free Sign Up Form and Landing Page Builder Plugin for Lead Generation and Email Newsletter Growth allows Accessing Functionality Not Properly Constrained by ACL...