Tribulant

Newsletters

18 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.2

CVE-2025-4857

  • EPSS 0.1%
  • Veröffentlicht 31.05.2025 11:18:54
  • Zuletzt bearbeitet 10.07.2025 14:20:05

The Newsletters plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.9.9.9 via the 'file' parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to inclu...

7.6

CVE-2025-30921

  • EPSS 0.05%
  • Veröffentlicht 27.03.2025 10:55:57
  • Zuletzt bearbeitet 27.03.2025 16:45:12

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Tribulant Software Newsletters allows SQL Injection. This issue affects Newsletters: from n/a through 4.9.9.7.

6.1

CVE-2024-13739

  • EPSS 0.36%
  • Veröffentlicht 22.03.2025 04:22:05
  • Zuletzt bearbeitet 27.03.2025 00:51:56

The Newsletters plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the "to" parameter in all versions up to, and including, 4.9.9.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthent...

7.1

CVE-2025-24599

  • EPSS 0.09%
  • Veröffentlicht 04.02.2025 15:15:23
  • Zuletzt bearbeitet 04.02.2025 15:15:23

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tribulant Newsletters allows Reflected XSS. This issue affects Newsletters: from n/a through 4.9.9.6.

6.4

CVE-2024-10181

  • EPSS 0.28%
  • Veröffentlicht 29.10.2024 12:15:03
  • Zuletzt bearbeitet 10.07.2025 18:24:51

The Newsletters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's newsletters_video shortcode in all versions up to, and including, 4.9.9.4 due to insufficient input sanitization and output escaping on user supplied a...

7.1

CVE-2024-47346

  • EPSS 0.2%
  • Veröffentlicht 06.10.2024 11:15:13
  • Zuletzt bearbeitet 07.10.2024 17:47:48

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Tribulant Newsletters allows Reflected XSS.This issue affects Newsletters: from n/a through 4.9.9.1.

8.8

CVE-2024-8247

  • EPSS 0.29%
  • Veröffentlicht 06.09.2024 04:15:05
  • Zuletzt bearbeitet 26.09.2024 21:49:54

The Newsletters plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 4.9.9.2. This is due to the plugin not restricting what user meta can be updated as screen options. This makes it possible for authentica...

7.1

CVE-2024-43279

  • EPSS 0.21%
  • Veröffentlicht 18.08.2024 22:15:10
  • Zuletzt bearbeitet 19.08.2024 12:59:59

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Tribulant Newsletters allows Reflected XSS.This issue affects Newsletters: from n/a through 4.9.8.

5.3

CVE-2024-7411

  • EPSS 0.64%
  • Veröffentlicht 15.08.2024 08:15:05
  • Zuletzt bearbeitet 15.08.2024 13:01:10

The Newsletters plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 4.9.9. This is due the plugin not preventing direct access to the /vendor/mobiledetect/mobiledetectlib/export/exportToJSON.php. This make...

8.8

CVE-2024-37227

  • EPSS 0.13%
  • Veröffentlicht 21.06.2024 14:15:13
  • Zuletzt bearbeitet 25.03.2025 16:15:23

Cross Site Request Forgery (CSRF) vulnerability in Tribulant Newsletters.This issue affects Newsletters: from n/a through 4.9.7.