Wp Mailster Security Vulnerabilities and Issues — Wp Mailster CVE List

Lucene search

WpmailsterWp Mailster

12 matches found

CVE•added 2024/12/06 2:15 p.m.•55 views

CVE-2024-53804

Insertion of Sensitive Information Into Sent Data vulnerability in brandtoss WP Mailster allows Retrieve Embedded Sensitive Data.This issue affects WP Mailster: from n/a through 1.8.16.0.

7.5CVSS7.6AI score0.00168EPSS

CVE•added 2024/12/03 10:15 a.m.•54 views

CVE-2024-11782

The WP Mailster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mst_subscribe' shortcode in all versions up to, and including, 1.8.17.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate...

6.4CVSS5.7AI score0.00038EPSS

CVE•added 2025/02/03 3:15 p.m.•51 views

CVE-2025-24559

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in brandtoss WP Mailster allows Reflected XSS. This issue affects WP Mailster: from n/a through 1.8.15.0.

7.1CVSS6.9AI score0.00037EPSS

CVE•added 2024/12/06 2:15 p.m.•47 views

CVE-2024-53805

Missing Authorization vulnerability in brandtoss WP Mailster allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Mailster: from n/a through 1.8.16.0.

9.8CVSS7.6AI score0.00254EPSS

CVE•added 2024/12/06 2:15 p.m.•44 views

CVE-2024-53803

Missing Authorization vulnerability in brandtoss WP Mailster allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Mailster: from n/a through 1.8.16.0.

8.8CVSS6.5AI score0.00197EPSS

CVE•added 2017/12/07 12:29 a.m.•43 views

CVE-2017-17451

The WP Mailster plugin before 1.5.5 for WordPress has XSS in the unsubscribe handler via the mes parameter to view/subscription/unsubscribe2.php.

6.1CVSS6AI score0.16393EPSS

CVE•added 2025/02/04 3:15 p.m.•43 views

CVE-2025-24598

7.1CVSS7AI score0.00037EPSS

CVE•added 2024/12/16 3:15 p.m.•42 views

CVE-2024-54355

Cross-Site Request Forgery (CSRF) vulnerability in brandtoss WP Mailster allows Cross Site Request Forgery.This issue affects WP Mailster: from n/a through 1.8.17.0.

8.8CVSS4.7AI score0.00026EPSS

CVE•added 2024/11/28 11:15 a.m.•40 views

CVE-2024-53737

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Mailster allows Stored XSS.This issue affects WP Mailster: from n/a through 1.8.16.0.

6.5CVSS6.5AI score0.00034EPSS

CVE•added 2024/12/06 2:15 p.m.•39 views

CVE-2024-53807

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in brandtoss WP Mailster allows Blind SQL Injection.This issue affects WP Mailster: from n/a through 1.8.16.0.

9.8CVSS8.8AI score0.0015EPSS

CVE•added 2025/01/07 11:15 a.m.•37 views

CVE-2025-22303

Insertion of Sensitive Information Into Sent Data vulnerability in brandtoss WP Mailster allows Retrieve Embedded Sensitive Data.This issue affects WP Mailster: from n/a through 1.8.17.0.

7.5CVSS5.3AI score0.00065EPSS

CVE•added 2021/10/21 4:15 p.m.•34 views

CVE-2021-28975

WP Mailster 1.6.18.0 allows XSS when a victim opens a mail server's details in the mst_servers page, for a crafted server_host, server_name, or connection_parameter parameter.

6.1CVSS5.9AI score0.0021EPSS