Vulnerabilities > Tribulant

DATE CVE VULNERABILITY TITLE RISK
2024-09-06 CVE-2024-8247 Unspecified vulnerability in Tribulant Newsletters
The Newsletters plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 4.9.9.2.
network
low complexity
tribulant
8.8
2024-06-21 CVE-2024-37227 Cross-Site Request Forgery (CSRF) vulnerability in Tribulant Newsletters
Cross Site Request Forgery (CSRF) vulnerability in Tribulant Newsletters.This issue affects Newsletters: from n/a through 4.9.7.
network
low complexity
tribulant CWE-352
8.8
2024-06-08 CVE-2024-35718 Unspecified vulnerability in Tribulant Newsletters
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Tribulant Newsletters allows Reflected XSS.This issue affects Newsletters: from n/a through 4.9.5.
network
low complexity
tribulant
6.1
2024-04-10 CVE-2024-31353 Unspecified vulnerability in Tribulant Slideshow Gallery
Insertion of Sensitive Information into Log File vulnerability in Tribulant Slideshow Gallery.This issue affects Slideshow Gallery: from n/a through 1.7.8.
network
low complexity
tribulant
5.3
2024-01-16 CVE-2023-4797 Command Injection vulnerability in Tribulant Newsletters
The Newsletters WordPress plugin before 4.9.3 does not properly escape user-controlled parameters when they are appended to SQL queries and shell commands, which could enable an administrator to run arbitrary commands on the server.
network
low complexity
tribulant CWE-77
7.2
2023-12-20 CVE-2023-28491 Unspecified vulnerability in Tribulant Slideshow Gallery
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Tribulant Slideshow Gallery LITE.This issue affects Slideshow Gallery LITE: from n/a through 1.7.6.
network
low complexity
tribulant
7.2
2023-11-12 CVE-2023-28497 Cross-Site Request Forgery (CSRF) vulnerability in Tribulant Slideshow Gallery
Cross-Site Request Forgery (CSRF) vulnerability in Tribulant Slideshow Gallery LITE plugin <= 1.7.6 versions.
network
low complexity
tribulant CWE-352
8.8
2023-11-10 CVE-2023-30478 Unspecified vulnerability in Tribulant Newsletters
Cross-Site Request Forgery (CSRF) vulnerability in Tribulant Newsletters plugin <= 4.8.8 versions.
network
low complexity
tribulant
8.8
2021-11-23 CVE-2021-24882 Unspecified vulnerability in Tribulant Slideshow Gallery
The Slideshow Gallery WordPress plugin before 1.7.4 does not sanitise and escape the Slide "Title", "Description", and Gallery "Title" fields, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed
network
low complexity
tribulant
4.8
2021-01-01 CVE-2020-35932 Deserialization of Untrusted Data vulnerability in Tribulant Newsletter
Insecure Deserialization in the Newsletter plugin before 6.8.2 for WordPress allows authenticated remote attackers with minimal privileges (such as subscribers) to use the tpnc_render AJAX action to inject arbitrary PHP objects via the options[inline_edits] parameter.
network
low complexity
tribulant CWE-502
8.8