Newsletters Security Vulnerabilities

CVE-2018-20987

The newsletters-lite plugin before 4.6.8.6 for WordPress has PHP object injection.

9.8 CVSS

9.7 AI Score

0.002 EPSS

2019-08-22 08:15 PM
30

CVE-2019-14787

The Tribulant Newsletters plugin before 4.6.19 for WordPress allows XSS via the wp-admin/admin-ajax.php?action=newsletters_load_new_editor contentarea parameter.

5.4 CVSS

5.3 AI Score

0.001 EPSS

2019-08-09 01:15 PM
29

CVE-2019-14788

wp-admin/admin-ajax.php?action=newsletters_exportmultiple in the Tribulant Newsletters plugin before 4.6.19 for WordPress allows directory traversal with resultant remote PHP code execution via the subscribers[1][1] parameter in conjunction with an exportfile=../ value.

8.8 CVSS

9 AI Score

0.003 EPSS

2019-08-15 04:15 PM
33

CVE-2023-30478

Cross-Site Request Forgery (CSRF) vulnerability in Tribulant Newsletters plugin <= 4.8.8 versions.

8.8 CVSS

8.7 AI Score

0.001 EPSS

2023-11-10 02:15 PM
9

CVE-2023-4797

The Newsletters WordPress plugin before 4.9.3 does not properly escape user-controlled parameters when they are appended to SQL queries and shell commands, which could enable an administrator to run arbitrary commands on the server.

7.2 CVSS

7.2 AI Score

0.0005 EPSS

2024-01-16 04:15 PM
27

CVE-2024-37227

Cross Site Request Forgery (CSRF) vulnerability in Tribulant Newsletters. This issue affects Newsletters: from n/a through 4.9.7.

8.8 CVSS

4.7 AI Score

0.001 EPSS

2024-06-21 02:15 PM
22