Newsletters Security Vulnerabilities and Issues — Newsletters CVE List

Lucene search

TribulantNewsletters

4 matches found

CVE•added 2019/08/15 4:15 p.m.•44 views

CVE-2019-14788

wp-admin/admin-ajax.php?action=newsletters_exportmultiple in the Tribulant Newsletters plugin before 4.6.19 for WordPress allows directory traversal with resultant remote PHP code execution via the subscribers[1][1] parameter in conjunction with an exportfile=../ value.

8.8CVSS9AI score0.01697EPSS

CVE•added 2024/06/21 2:15 p.m.•42 views

CVE-2024-37227

Cross Site Request Forgery (CSRF) vulnerability in Tribulant Newsletters.This issue affects Newsletters: from n/a through 4.9.7.

8.8CVSS6.4AI score0.0017EPSS

CVE•added 2024/09/06 4:15 a.m.•39 views

CVE-2024-8247

The Newsletters plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 4.9.9.2. This is due to the plugin not restricting what user meta can be updated as screen options. This makes it possible for authenticated attackers, with subscriber-level access and a...

8.8CVSS8.8AI score0.00334EPSS

CVE•added 2023/11/10 2:15 p.m.•30 views

CVE-2023-30478

Cross-Site Request Forgery (CSRF) vulnerability in Tribulant Newsletters plugin

8.8CVSS8.9AI score0.00096EPSS