Search criteria
3 vulnerabilities found for easy_newsletter_signups by alphabpo
FKIE_CVE-2023-5108
Vulnerability from fkie_nvd - Published: 2023-12-04 22:15 - Updated: 2024-11-21 08:41
Severity ?
Summary
The Easy Newsletter Signups WordPress plugin through 1.0.4 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin
References
| URL | Tags | ||
|---|---|---|---|
| contact@wpscan.com | https://wpscan.com/vulnerability/1b277929-e88b-4ab6-9190-526e75f5ce7a | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://wpscan.com/vulnerability/1b277929-e88b-4ab6-9190-526e75f5ce7a | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| alphabpo | easy_newsletter_signups | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:alphabpo:easy_newsletter_signups:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "DCEB111D-E317-4040-BF0F-2E407CF20F14",
"versionEndIncluding": "1.0.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Easy Newsletter Signups WordPress plugin through 1.0.4 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin"
},
{
"lang": "es",
"value": "El complemento Easy Newsletter Signups de WordPress hasta la versi\u00f3n 1.0.4 no sanitiza ni escapa adecuadamente un par\u00e1metro antes de usarlo en una declaraci\u00f3n SQL, lo que genera una inyecci\u00f3n de SQL explotable por usuarios con privilegios elevados, como el administrador."
}
],
"id": "CVE-2023-5108",
"lastModified": "2024-11-21T08:41:04.543",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-12-04T22:15:07.667",
"references": [
{
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://wpscan.com/vulnerability/1b277929-e88b-4ab6-9190-526e75f5ce7a"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://wpscan.com/vulnerability/1b277929-e88b-4ab6-9190-526e75f5ce7a"
}
],
"sourceIdentifier": "contact@wpscan.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2023-5108 (GCVE-0-2023-5108)
Vulnerability from cvelistv5 – Published: 2023-12-04 21:29 – Updated: 2024-08-02 07:44
VLAI?
Title
Easy Newsletter Signups <= 1.0.4 - Admin+ SQLi
Summary
The Easy Newsletter Signups WordPress plugin through 1.0.4 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | Easy Newsletter Signups |
Affected:
0 , ≤ 1.0.4
(semver)
|
Credits
Karolis Narvilas
WPScan
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:44:53.815Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/1b277929-e88b-4ab6-9190-526e75f5ce7a"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "affected",
"product": "Easy Newsletter Signups",
"vendor": "Unknown",
"versions": [
{
"lessThanOrEqual": "1.0.4",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Karolis Narvilas"
},
{
"lang": "en",
"type": "coordinator",
"value": "WPScan"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Easy Newsletter Signups WordPress plugin through 1.0.4 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-89 SQL Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-04T21:29:21.316Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description"
],
"url": "https://wpscan.com/vulnerability/1b277929-e88b-4ab6-9190-526e75f5ce7a"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Easy Newsletter Signups \u003c= 1.0.4 - Admin+ SQLi",
"x_generator": {
"engine": "WPScan CVE Generator"
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2023-5108",
"datePublished": "2023-12-04T21:29:21.316Z",
"dateReserved": "2023-09-21T17:15:36.929Z",
"dateUpdated": "2024-08-02T07:44:53.815Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-5108 (GCVE-0-2023-5108)
Vulnerability from nvd – Published: 2023-12-04 21:29 – Updated: 2024-08-02 07:44
VLAI?
Title
Easy Newsletter Signups <= 1.0.4 - Admin+ SQLi
Summary
The Easy Newsletter Signups WordPress plugin through 1.0.4 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | Easy Newsletter Signups |
Affected:
0 , ≤ 1.0.4
(semver)
|
Credits
Karolis Narvilas
WPScan
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:44:53.815Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/1b277929-e88b-4ab6-9190-526e75f5ce7a"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "affected",
"product": "Easy Newsletter Signups",
"vendor": "Unknown",
"versions": [
{
"lessThanOrEqual": "1.0.4",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Karolis Narvilas"
},
{
"lang": "en",
"type": "coordinator",
"value": "WPScan"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Easy Newsletter Signups WordPress plugin through 1.0.4 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-89 SQL Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-04T21:29:21.316Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description"
],
"url": "https://wpscan.com/vulnerability/1b277929-e88b-4ab6-9190-526e75f5ce7a"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Easy Newsletter Signups \u003c= 1.0.4 - Admin+ SQLi",
"x_generator": {
"engine": "WPScan CVE Generator"
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2023-5108",
"datePublished": "2023-12-04T21:29:21.316Z",
"dateReserved": "2023-09-21T17:15:36.929Z",
"dateUpdated": "2024-08-02T07:44:53.815Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}