Newsletters@* Security Vulnerabilities and Issues — Newsletters@* CVE List

Lucene search

TribulantNewsletters*

5 matches found

CVE•added 2024/01/16 4:15 p.m.•58 views

CVE-2023-4797

The Newsletters WordPress plugin before 4.9.3 does not properly escape user-controlled parameters when they are appended to SQL queries and shell commands, which could enable an administrator to run arbitrary commands on the server.

7.2CVSS7.2AI score0.0056EPSS

Web

CVE•added 2024/06/08 2:15 p.m.•49 views

CVE-2024-35718

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Tribulant Newsletters allows Reflected XSS.This issue affects Newsletters: from n/a through 4.9.5.

7.1CVSS6.7AI score0.00123EPSS

CVE•added 2024/06/21 2:15 p.m.•43 views

CVE-2024-37227

Cross Site Request Forgery (CSRF) vulnerability in Tribulant Newsletters.This issue affects Newsletters: from n/a through 4.9.7.

8.8CVSS6.4AI score0.0013EPSS

CVE•added 2024/09/06 4:15 a.m.•40 views

CVE-2024-8247

The Newsletters plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 4.9.9.2. This is due to the plugin not restricting what user meta can be updated as screen options. This makes it possible for authenticated attackers, with subscriber-level access and a...

8.8CVSS8.8AI score0.00334EPSS

CVE•added 2024/10/29 12:15 p.m.•36 views

CVE-2024-10181

The Newsletters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's newsletters_video shortcode in all versions up to, and including, 4.9.9.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticat...

6.4CVSS5.7AI score0.00116EPSS