Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
tribulant newsletters vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2019-14788
wp-admin/admin-ajax.php?action=newsletters_exportmultiple in the Tribulant Newsletters plugin prior to 4.6.19 for WordPress allows directory traversal with resultant remote PHP code execution via the subscribers[1][1] parameter in conjunction with an exportfile=../ value.
Tribulant Newsletters
7.2
CVSSv3
CVE-2023-4797
The Newsletters WordPress plugin prior to 4.9.3 does not properly escape user-controlled parameters when they are appended to SQL queries and shell commands, which could enable an administrator to run arbitrary commands on the server.
Tribulant Newsletters
9.8
CVSSv3
CVE-2018-20987
The newsletters-lite plugin prior to 4.6.8.6 for WordPress has PHP object injection.
Tribulant Newsletters
5.4
CVSSv3
CVE-2019-14787
The Tribulant Newsletters plugin prior to 4.6.19 for WordPress allows XSS via the wp-admin/admin-ajax.php?action=newsletters_load_new_editor contentarea parameter.
Tribulant Newsletters
8.8
CVSSv3
CVE-2023-30478
Cross-Site Request Forgery (CSRF) vulnerability in Tribulant Newsletters plugin <= 4.8.8 versions.
Tribulant Newsletters
NA
CVE-2024-35718
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Tribulant Newsletters allows Reflected XSS.This issue affects Newsletters: from n/a up to and including 4.9.5.
NA
CVE-2024-32954
Unrestricted Upload of File with Dangerous Type vulnerability in Tribulant Newsletters.This issue affects Newsletters: from n/a up to and including 4.9.5.
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
SSRF
server-side request forgery
CVE-2024-30067
CVE-2024-5553
CVE-2024-30095
IDOR
CVE-2024-35252
CVE-2024-23692
CVE-2024-27801
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started