Pressified Sendpress

8 CVEs affecting Pressified Sendpress. Latest disclosed: 2024-06-14. Critical: 0, High: 2.

Top CVEs affecting Pressified Sendpress
CVESeverityScorePublishedSummary
CVE-2015-9448High8.82019-09-26The sendpress plugin before 1.2 for WordPress has SQL Injection via the wp-admin/admin.php?page=sp-queue listid parameter.
CVE-2023-47517High7.12023-11-14Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in SendPress Newsletters plugin <= 1.23.11.6 versions.
CVE-2024-1588Medium6.82024-04-08The SendPress Newsletters WordPress plugin through 1.23.11.6 does not sanitise and escape some of its settings, which could allow high privilege users such as…
CVE-2023-5660Medium6.42023-11-07The SendPress Newsletters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including…
CVE-2024-1589Medium6.12024-04-08The SendPress Newsletters WordPress plugin through 1.23.11.6 does not sanitise and escape some of its settings, which could allow high privilege users such as…
CVE-2023-41729Medium5.92023-10-02Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in SendPress Newsletters plugin <= 1.22.3.31 versions.
CVE-2023-35040Medium5.32024-06-14Missing Authorization vulnerability in SendPress SendPress Newsletters.This issue affects SendPress Newsletters: from n/a through 1.23.11.6.
CVE-2023-41730Medium4.32023-10-10Cross-Site Request Forgery (CSRF) vulnerability in SendPress Newsletters plugin <= 1.22.3.31 versions.