Enl Newsletter Plugin Project Enl-Newsletter vulnerabilities

4 known vulnerabilities affecting enl_newsletter_plugin_project/enl-newsletter.

Total CVEs: 4
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: MEDIUM 4

Vulnerabilities

CVE-2024-3059 | MEDIUM | CVSS 5.7 | ≤ 1.0.1 | 2024-04-26
CWE-352: The ENL Newsletter WordPress plugin through 1.0.1 does not have CSRF checks in some places, which could allow attackers to make logged in admins delete arbitrary Campaigns via a CSRF attack
Source: nvd

CVE-2024-3058 | MEDIUM | CVSS 5.4 | ≤ 1.0.1 | 2024-04-26
CWE-352: The ENL Newsletter WordPress plugin through 1.0.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack
Source: nvd

CVE-2024-3060 | MEDIUM | CVSS 4.5 | ≤ 1.0.1 | 2024-04-26
CWE-89: The ENL Newsletter WordPress plugin through 1.0.1 does not sanitize and escape a parameter before using it in a SQL statement, allowing admin+ to perform SQL injection attacks
Source: nvd

CVE-2014-4939 | MEDIUM | CVSS 6.5 | PoC | v1.0.1 | 2014-07-11
CWE-89: SQL injection vulnerability in the ENL Newsletter (enl-newsletter) plugin 1.0.1 for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via the id parameter in the enl-add-new page to wp-admin/admin.php.
Source: nvd