27 matches found
EUVD-2025-15355
Malicious code in bioql PyPI...
CVE-2024-4289
The Sailthru Triggermail WordPress plugin through 1.1 does not sanitise and escape various parameters before outputting them back in pages and attributes, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2024-4290
The Sailthru Triggermail WordPress plugin through 1.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-11141
The Sailthru Triggermail WordPress plugin through 1.1 does not sanitise and escape some of its settings and is missing CSRF protection which could allow subscribers to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
WordPress Sailthru Triggermail plugin < 1.1 - Subscriber+ Stored XSS vulnerability
Subscriber+ Stored XSS vulnerability discovered by Bob Matyas in WordPress Plugin Sailthru Triggermail versions 1.1...
CVE-2024-11141
The Sailthru Triggermail WordPress plugin through 1.1 does not sanitise and escape some of its settings and is missing CSRF protection which could allow subscribers to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-11141
The Sailthru Triggermail WordPress plugin through 1.1 does not sanitise and escape some of its settings and is missing CSRF protection which could allow subscribers to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-11141 Sailthru Triggermail < 1.1 - Subscriber+ Stored XSS
The Sailthru Triggermail WordPress plugin through 1.1 does not sanitise and escape some of its settings and is missing CSRF protection which could allow subscribers to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-11141 Sailthru Triggermail < 1.1 - Subscriber+ Stored XSS
The Sailthru Triggermail WordPress plugin through 1.1 does not sanitise and escape some of its settings and is missing CSRF protection which could allow subscribers to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-11141
The CVE-2024-11141 entry affects the Sailthru Triggermail WordPress plugin (versions 1.1 and earlier). The vulnerability arises because the plugin does not sanitize/escape certain settings and lacks CSRF protection, enabling Stored Cross-Site Scripting attacks even when unfiltered_html is disallo...
WordPress plugin Sailthru Triggermail 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
PT-2025-21413 · WordPress · Sailthru Triggermail Plugin
Name of the Vulnerable Software and Affected Versions: Sailthru Triggermail plugin for WordPress versions 1.1 and earlier Description: The issue concerns the Sailthru Triggermail WordPress plugin, which does not properly sanitise and escape some of its settings. Additionally, it lacks CSRF...
WordPress Sailthru Triggermail plugin <= 1.1 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Bob Matyas in WordPress Plugin Sailthru Triggermail versions = 1.1...
WordPress Sailthru Triggermail plugin <= 1.1 - Reflected XSS vulnerability
Reflected XSS vulnerability discovered by Bob Matyas in WordPress Plugin Sailthru Triggermail versions = 1.1...
CVE-2024-4289
The Sailthru Triggermail WordPress plugin through 1.1 does not sanitise and escape various parameters before outputting them back in pages and attributes, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2024-4289
The Sailthru Triggermail WordPress plugin through 1.1 does not sanitise and escape various parameters before outputting them back in pages and attributes, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2024-4290
The Sailthru Triggermail WordPress plugin through 1.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-4290 Sailthru Triggermail <= 1.1 - Admin+ Stored XSS
The Sailthru Triggermail WordPress plugin through 1.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-4290 Sailthru Triggermail <= 1.1 - Admin+ Stored XSS
The Sailthru Triggermail WordPress plugin through 1.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-4289 Sailthru Triggermail <= 1.1 - Reflected XSS
The Sailthru Triggermail WordPress plugin through 1.1 does not sanitise and escape various parameters before outputting them back in pages and attributes, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...