Pressified Sendpress
8 CVEs affecting Pressified Sendpress. Latest disclosed: 2024-06-14. Critical: 0, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2015-9448 | High | 8.8 | 2019-09-26 | The sendpress plugin before 1.2 for WordPress has SQL Injection via the wp-admin/admin.php?page=sp-queue listid parameter. |
CVE-2023-47517 | High | 7.1 | 2023-11-14 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in SendPress Newsletters plugin <= 1.23.11.6 versions. |
CVE-2024-1588 | Medium | 6.8 | 2024-04-08 | The SendPress Newsletters WordPress plugin through 1.23.11.6 does not sanitise and escape some of its settings, which could allow high privilege users such as… |
CVE-2023-5660 | Medium | 6.4 | 2023-11-07 | The SendPress Newsletters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including… |
CVE-2024-1589 | Medium | 6.1 | 2024-04-08 | The SendPress Newsletters WordPress plugin through 1.23.11.6 does not sanitise and escape some of its settings, which could allow high privilege users such as… |
CVE-2023-41729 | Medium | 5.9 | 2023-10-02 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in SendPress Newsletters plugin <= 1.22.3.31 versions. |
CVE-2023-35040 | Medium | 5.3 | 2024-06-14 | Missing Authorization vulnerability in SendPress SendPress Newsletters.This issue affects SendPress Newsletters: from n/a through 1.23.11.6. |
CVE-2023-41730 | Medium | 4.3 | 2023-10-10 | Cross-Site Request Forgery (CSRF) vulnerability in SendPress Newsletters plugin <= 1.22.3.31 versions. |