Mndpsingh287 Newsletter_popup
4 CVEs affecting Mndpsingh287 Newsletter_popup. Latest disclosed: 2024-05-16. Critical: 0, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2024-3643 | High | 8.8 | 2024-05-16 | The Newsletter Popup WordPress plugin through 1.2 does not have CSRF check when deleting list, which could allow attackers to make logged in admins perform suc… |
CVE-2024-3642 | Medium | 6.9 | 2024-05-16 | The Newsletter Popup WordPress plugin through 1.2 does not have CSRF check when deleting subscriber, which could allow attackers to make logged in admins perfo… |
CVE-2024-3641 | Medium | 6.1 | 2024-05-16 | The Newsletter Popup WordPress plugin through 1.2 does not sanitise and escape some parameters, which could allow unauthenticated visitors to perform Cross-Sit… |
CVE-2024-3644 | Medium | 4.8 | 2024-05-16 | The Newsletter Popup WordPress plugin through 1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to pe… |