Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.8
CVE-2024-12743
- EPSS 0.03%
- Veröffentlicht 15.05.2025 20:15:37
- Zuletzt bearbeitet 10.06.2025 11:53:54
The MailPoet WordPress plugin before 5.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed ...
6.1
CVE-2024-10103
- EPSS 0.02%
- Veröffentlicht 19.11.2024 06:15:17
- Zuletzt bearbeitet 12.06.2025 17:01:45
In the process of testing the MailPoet WordPress plugin before 5.3.2, a vulnerability was found that allows you to implement Stored XSS on behalf of the editor by embedding malicious script, which entails account takeover backdoor
6.1
CVE-2019-11843
- EPSS 0.45%
- Veröffentlicht 02.06.2020 17:15:11
- Zuletzt bearbeitet 28.05.2025 14:29:39
The MailPoet plugin before 3.23.2 for WordPress allows remote attackers to inject arbitrary web script or HTML using extra parameters in the URL (Reflective Server-Side XSS).
1