ALO EasyMail Newsletter | Plugin Vulnerabilities

Tag Archives: ALO EasyMail Newsletter

If you are looking to find out about vulnerabilities in ALO EasyMail Newsletter or another plugin you use or are looking to use, you won't find most of our data on our blog. Instead you should sign up for the service so that you get access to all of the data we have gathered, which is much more data than other sources out there will provide you. You can currently try the service for free.

If you have a hacked website then trying to find vulnerabilities in the plugins you use is not the way to determine how the website has been backed, instead the evidence from the hack and the relevant logging should be scrutinized. Our hack cleanup service for WordPress websites includes doing that, as well as a lifetime subscription to this service.

Reflected Cross-Site Scripting (XSS) Vulnerability in ALO EasyMail Newsletter

We recently discovered the ALO EasyMail Newsletter plugin had a reflected cross-site scripting (XSS) vulnerability. In version 2.8.1, and some prior versions, the file /alo-easymail-admin-subscribers.php was echoing a GET variable without escaping it. That occurred on line 126: <input type=”hidden” name=”sortby” value=”<?php echo $_GET[‘sortby’] ?>” /> Proof Of Concept The following proof of concept URL will cause [Read more]

Plugin Vulnerabilities

A service to protect your site against vulnerabilities in WordPress plugins.