Wp Mailster@* Security Vulnerabilities and Issues — Wp Mailster@* CVE List

Lucene search

WpmailsterWp Mailster*

11 matches found

CVE•added 2024/12/06 2:15 p.m.•57 views

CVE-2024-53804

Insertion of Sensitive Information Into Sent Data vulnerability in brandtoss WP Mailster allows Retrieve Embedded Sensitive Data.This issue affects WP Mailster: from n/a through 1.8.16.0.

7.5CVSS7.6AI score0.00252EPSS

CVE•added 2024/12/03 10:15 a.m.•56 views

CVE-2024-11782

The WP Mailster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mst_subscribe' shortcode in all versions up to, and including, 1.8.17.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate...

6.4CVSS5.7AI score0.00054EPSS

CVE•added 2025/02/03 3:15 p.m.•52 views

CVE-2025-24559

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in brandtoss WP Mailster allows Reflected XSS. This issue affects WP Mailster: from n/a through 1.8.15.0.

7.1CVSS6.9AI score0.00044EPSS

CVE•added 2017/12/07 12:29 a.m.•48 views

CVE-2017-17451

The WP Mailster plugin before 1.5.5 for WordPress has XSS in the unsubscribe handler via the mes parameter to view/subscription/unsubscribe2.php.

6.1CVSS6AI score0.16393EPSS

Web

CVE•added 2024/12/06 2:15 p.m.•48 views

CVE-2024-53805

Missing Authorization vulnerability in brandtoss WP Mailster allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Mailster: from n/a through 1.8.16.0.

9.8CVSS7.6AI score0.00319EPSS

CVE•added 2024/12/06 2:15 p.m.•45 views

CVE-2024-53803

Missing Authorization vulnerability in brandtoss WP Mailster allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Mailster: from n/a through 1.8.16.0.

8.8CVSS6.5AI score0.00248EPSS

CVE•added 2025/02/04 3:15 p.m.•44 views

CVE-2025-24598

7.1CVSS7AI score0.00044EPSS

CVE•added 2024/12/16 3:15 p.m.•43 views

CVE-2024-54355

Cross-Site Request Forgery (CSRF) vulnerability in brandtoss WP Mailster allows Cross Site Request Forgery.This issue affects WP Mailster: from n/a through 1.8.17.0.

8.8CVSS4.7AI score0.00035EPSS

CVE•added 2024/11/28 11:15 a.m.•41 views

CVE-2024-53737

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Mailster allows Stored XSS.This issue affects WP Mailster: from n/a through 1.8.16.0.

6.5CVSS6.5AI score0.00055EPSS

CVE•added 2024/12/06 2:15 p.m.•40 views

CVE-2024-53807

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in brandtoss WP Mailster allows Blind SQL Injection.This issue affects WP Mailster: from n/a through 1.8.16.0.

9.8CVSS8.8AI score0.00195EPSS

CVE•added 2025/01/07 11:15 a.m.•38 views

CVE-2025-22303

Insertion of Sensitive Information Into Sent Data vulnerability in brandtoss WP Mailster allows Retrieve Embedded Sensitive Data.This issue affects WP Mailster: from n/a through 1.8.17.0.

7.5CVSS5.3AI score0.00089EPSS