Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
TribulantNewsletters

10 matches found

CVE
CVEadded 2024/04/24 11:15 a.m.61 views

CVE-2024-32954

Unrestricted Upload of File with Dangerous Type vulnerability in Tribulant Newsletters.This issue affects Newsletters: from n/a through 4.9.5.

9.1CVSS6.8AI score0.00161EPSS
CVE
CVEadded 2024/01/16 4:15 p.m.57 views

CVE-2023-4797

The Newsletters WordPress plugin before 4.9.3 does not properly escape user-controlled parameters when they are appended to SQL queries and shell commands, which could enable an administrator to run arbitrary commands on the server.

7.2CVSS7.2AI score0.0056EPSS
CVE
CVEadded 2024/04/24 8:15 a.m.49 views

CVE-2024-32953

Insertion of Sensitive Information into Log File vulnerability in Newsletters.This issue affects Newsletters: from n/a through 4.9.5.

7.5CVSS7.5AI score0.00391EPSS
CVE
CVEadded 2024/06/08 2:15 p.m.48 views

CVE-2024-35718

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Tribulant Newsletters allows Reflected XSS.This issue affects Newsletters: from n/a through 4.9.5.

7.1CVSS6.7AI score0.00121EPSS
CVE
CVEadded 2024/08/18 10:15 p.m.44 views

CVE-2024-43279

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Tribulant Newsletters allows Reflected XSS.This issue affects Newsletters: from n/a through 4.9.8.

7.1CVSS6.9AI score0.00141EPSS
CVE
CVEadded 2024/06/21 2:15 p.m.42 views

CVE-2024-37227

Cross Site Request Forgery (CSRF) vulnerability in Tribulant Newsletters.This issue affects Newsletters: from n/a through 4.9.7.

8.8CVSS6.4AI score0.00042EPSS
CVE
CVEadded 2024/09/06 4:15 a.m.39 views

CVE-2024-8247

The Newsletters plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 4.9.9.2. This is due to the plugin not restricting what user meta can be updated as screen options. This makes it possible for authenticated attackers, with subscriber-level access and a...

8.8CVSS8.8AI score0.00334EPSS
CVE
CVEadded 2024/10/29 12:15 p.m.35 views

CVE-2024-10181

The Newsletters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's newsletters_video shortcode in all versions up to, and including, 4.9.9.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticat...

6.4CVSS5.7AI score0.00079EPSS
CVE
CVEadded 2024/10/06 11:15 a.m.34 views

CVE-2024-47346

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Tribulant Newsletters allows Reflected XSS.This issue affects Newsletters: from n/a through 4.9.9.1.

7.1CVSS7.2AI score0.0012EPSS
CVE
CVEadded 2024/08/15 8:15 a.m.34 views

CVE-2024-7411

The Newsletters plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 4.9.9. This is due the plugin not preventing direct access to the /vendor/mobiledetect/mobiledetectlib/export/exportToJSON.php. This makes it possible for unauthenticated attackers to re...

5.3CVSS5.1AI score0.00469EPSS