Plugin Vulnerabilities

A service to protect your site against vulnerabilities in WordPress plugins.

Tag Archives: ALO EasyMail Newsletter

If you are looking to find out about the security of the plugin ALO EasyMail Newsletter, the only way to really understand whether it is secure is to have a security review of the plugin done, since looking for information on vulnerabilities already disclosed in it will give you an incomplete and outdated view. If you become a paying customer of our service, you can suggest or vote for the plugin to get a security review from us, provided it is in the WordPress Plugin Directory. You can also order a security review of the plugin from us if you want a plugin that is not in the WordPress Plugin Directory reviewed or need a review done right away.

11 Apr

Reflected Cross-Site Scripting (XSS) Vulnerability in ALO EasyMail Newsletter

We recently discovered the ALO EasyMail Newsletter plugin had a reflected cross-site scripting (XSS) vulnerability. In version 2.8.1, and some prior versions, the file /alo-easymail-admin-subscribers.php was echoing a GET variable without escaping it. That occurred on line 126:

<input type="hidden" name="sortby" value="<?php echo $_GET['sortby'] ?>" />

Proof Of Concept

The following proof of concept URL will cause [Read more]

Plugin Vulnerabilities | Posted in Vulnerability Report | ALO EasyMail Newsletter, Reflected Cross-Site Scripting (XSS), Vulnerability Report

© 2016-2019 White Fir Design LLC