Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
tribulant newsletters vulnerabilities and exploits
(subscribe to this query)
312
VMScore
CVE-2019-14787
The Tribulant Newsletters plugin prior to 4.6.19 for WordPress allows XSS via the wp-admin/admin-ajax.php?action=newsletters_load_new_editor contentarea parameter.
Tribulant Newsletters
668
VMScore
CVE-2018-20987
The newsletters-lite plugin prior to 4.6.8.6 for WordPress has PHP object injection.
Tribulant Newsletters
578
VMScore
CVE-2019-14788
wp-admin/admin-ajax.php?action=newsletters_exportmultiple in the Tribulant Newsletters plugin prior to 4.6.19 for WordPress allows directory traversal with resultant remote PHP code execution via the subscribers[1][1] parameter in conjunction with an exportfile=../ value.
Tribulant Newsletters
NA
CVE-2023-30478
Cross-Site Request Forgery (CSRF) vulnerability in Tribulant Newsletters plugin <= 4.8.8 versions.
Tribulant Newsletters
NA
CVE-2023-4797
The Newsletters WordPress plugin prior to 4.9.3 does not properly escape user-controlled parameters when they are appended to SQL queries and shell commands, which could enable an administrator to run arbitrary commands on the server.
Tribulant Newsletters
NA
CVE-2024-32954
Unrestricted Upload of File with Dangerous Type vulnerability in Tribulant Newsletters.This issue affects Newsletters: from n/a up to and including 4.9.5.
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7028
memory leak
log injection
CVE-2024-3400
CVE-2022-48695
CVE-2022-48675
CVE-2024-34487
CVE-2024-33792
spoof
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started