tribulant vulnerabilities and exploits

3.5
CVSSv2
CVE-2019-14787

The Tribulant Newsletters plugin before 4.6.19 for WordPress allows XSS via the wp-admin/admin-ajax.php?action=newsletters_load_new_editor contentarea parameter....

6.5
CVSSv2
CVE-2019-14788

wp-admin/admin-ajax.php?action=newsletters_exportmultiple in the Tribulant Newsletters plugin before 4.6.19 for WordPress allows directory traversal with resultant remote PHP code execution via the subscribers[1][1] parameter in conjunction with an exportfile=../ value....

7.5
CVSSv2
CVE-2018-20987

The newsletters-lite plugin before 4.6.8.6 for WordPress has PHP object injection....

6.5
CVSSv2
CVE-2014-5460

Unrestricted file upload vulnerability in the Tribulant Slideshow Gallery plugin before 1.4.7 for WordPress allows remote authenticated users to execute arbitrary code by uploading a PHP file, then accessing it via a direct request to the file in...

TribulantTibulant Slideshow Gallery
4.3
CVSSv2
CVE-2018-18019

XSS exists in the Tribulant Slideshow Gallery plugin 1.6.8 for WordPress via the wp-admin/admin.php?page=slideshow-slides&method=save Slide[title], Slide[media_file], or Slide[image_url] parameter....

7.5
CVSSv2
CVE-2018-18018

SQL Injection exists in the Tribulant Slideshow Gallery plugin 1.6.8 for WordPress via the wp-admin/admin.php?page=slideshow-galleries&method=save Gallery[id] or Gallery[title] parameter....

4.3
CVSSv2
CVE-2018-18017

XSS exists in the Tribulant Slideshow Gallery plugin 1.6.8 for WordPress via the wp-admin/admin.php?page=slideshow-galleries&method=save Gallery[id] or Gallery[title] parameter....

6.8
CVSSv2
CVE-2019-15828

The one-click-ssl plugin before 1.4.7 for WordPress has CSRF....

4.3
CVSSv2
CVE-2018-17946

The Tribulant Slideshow Gallery plugin before 1.6.6.1 for WordPress has XSS via the id, method, Gallerymessage, Galleryerror, or Galleryupdated parameter....

6.5
CVSSv2
CVE-2014-9308

Unrestricted file upload vulnerability in inc/amfphp/administration/banneruploaderscript.php in the WP EasyCart (aka WordPress Shopping Cart) plugin before 3.0.9 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then...

WpeasycartWp Easycart