ALO EasyMail Newsletter – Plugin Vulnerabilities

Tag Archives: ALO EasyMail Newsletter

If you are looking to find out about the security of the plugin ALO EasyMail Newsletter, the only way to really understand if it is secure or not is to have a security review of the plugin done, since looking for information on vulnerabilities already disclosed in it will provide you an incomplete and outdated view of that. If you become a paying customer of our service, you have the ability to suggest/vote to have the plugin get a security review from us if it is in the WordPress Plugin Directory. You can also order a security review of the plugin done by us, if you want a plugin not in the WordPress Plugin Directory reviewed or need a review done right away.

Reflected Cross-Site Scripting (XSS) Vulnerability in ALO EasyMail Newsletter

We recently discovered the ALO EasyMail Newsletter plugin had a reflected cross-site scripting (XSS) vulnerability. In version 2.8.1, and some prior versions, the file /alo-easymail-admin-subscribers.php was echoing a GET variable without escaping it. That occurred on line 126: <input type=”hidden” name=”sortby” value=”<?php echo $_GET[‘sortby’] ?>” /> Proof Of Concept The following proof of concept URL will cause [Read more]

Plugin Vulnerabilities

A service to protect your site against vulnerabilities in WordPress plugins.