🔎 Have you found a vulnerability in a WordPress plugin or theme? Report vulnerabilities in WordPress plugins and themes through our bug bounty program and earn a bounty on all in-scope submissions, while we handle the responsible disclosure process on your behalf.

Newsletter Popup

Wordfence Intelligence > Vulnerability Database > WordPress Plugins > Newsletter Popup

Information

Software Type	Plugin
Software Slug	newsletter-popup (view on wordpress.org)
Software Status	Removed
Software Author	mndpsingh287
Software Website	www.webdesi9.com
Software Downloads	18,408
Software Active Installs	400
Software Record Last Updated	July 26, 2024

6 Vulnerabilities

Newsletter Popup <= 1.2 - Cross-Site Request Forgery to List Deletion

4.3

CVE-2024-3643

Apr 25, 2024

Researcher: Bob Matyas

Newsletter Popup <= 1.2 - Cross-Site Request Forgery to Subscriber Deletion

4.3

CVE-2024-3642

Apr 25, 2024

Researcher: Bob Matyas

Newsletter Popup <= 1.2 - Authenticated (Admin+) Stored Cross-Site Scripting

4.4

CVE-2024-3644

Apr 25, 2024

Researcher: Bob Matyas

Newsletter Popup <= 1.2 - Unauthenticated Stored Cross-Site Scripting

7.2

CVE-2024-3641

Apr 25, 2024

Researcher: Bob Matyas

Newsletter Popup <= 1.2 - Cross-Site Request Forgery to Record Deletion

4.3

CVE-2023-0766

May 2, 2023

Researcher: István Márton

Newsletter Popup <= 1.2 - Unauthenticted Stored Cross-Site Scripting via 'nl_data'

7.2

CVE-2023-0733

May 2, 2023

Researcher: István Márton

Title	Status	CVE ID	CVSS	Researchers	Date
Newsletter Popup <= 1.2 - Cross-Site Request Forgery to List Deletion	Unpatched	CVE-2024-3643	4.3	Bob Matyas	April 25, 2024
Newsletter Popup <= 1.2 - Cross-Site Request Forgery to Subscriber Deletion	Unpatched	CVE-2024-3642	4.3	Bob Matyas	April 25, 2024
Newsletter Popup <= 1.2 - Authenticated (Admin+) Stored Cross-Site Scripting	Unpatched	CVE-2024-3644	4.4	Bob Matyas	April 25, 2024
Newsletter Popup <= 1.2 - Unauthenticated Stored Cross-Site Scripting	Unpatched	CVE-2024-3641	7.2	Bob Matyas	April 25, 2024
Newsletter Popup <= 1.2 - Cross-Site Request Forgery to Record Deletion	Unpatched	CVE-2023-0766	4.3	István Márton	May 2, 2023
Newsletter Popup <= 1.2 - Unauthenticted Stored Cross-Site Scripting via 'nl_data'	Unpatched	CVE-2023-0733	7.2	István Márton	May 2, 2023

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation