Vulnerabilities > Tribulant
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-06 | CVE-2024-8247 | Unspecified vulnerability in Tribulant Newsletters The Newsletters plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 4.9.9.2. | 8.8 |
| 2024-06-21 | CVE-2024-37227 | Cross-Site Request Forgery (CSRF) vulnerability in Tribulant Newsletters Cross Site Request Forgery (CSRF) vulnerability in Tribulant Newsletters.This issue affects Newsletters: from n/a through 4.9.7. | 8.8 |
| 2024-06-08 | CVE-2024-35718 | Cross-site Scripting vulnerability in Tribulant Newsletters Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Tribulant Newsletters allows Reflected XSS.This issue affects Newsletters: from n/a through 4.9.5. | 6.1 |
| 2024-04-10 | CVE-2024-31353 | Information Exposure Through Log Files vulnerability in Tribulant Slideshow Gallery Insertion of Sensitive Information into Log File vulnerability in Tribulant Slideshow Gallery.This issue affects Slideshow Gallery: from n/a through 1.7.8. | 5.3 |
| 2024-01-16 | CVE-2023-4797 | Command Injection vulnerability in Tribulant Newsletters The Newsletters WordPress plugin before 4.9.3 does not properly escape user-controlled parameters when they are appended to SQL queries and shell commands, which could enable an administrator to run arbitrary commands on the server. | 7.2 |
| 2023-12-20 | CVE-2023-28491 | SQL Injection vulnerability in Tribulant Slideshow Gallery Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Tribulant Slideshow Gallery LITE.This issue affects Slideshow Gallery LITE: from n/a through 1.7.6. | 7.2 |
| 2023-11-12 | CVE-2023-28497 | Cross-Site Request Forgery (CSRF) vulnerability in Tribulant Slideshow Gallery Cross-Site Request Forgery (CSRF) vulnerability in Tribulant Slideshow Gallery LITE plugin <= 1.7.6 versions. | 8.8 |
| 2023-11-10 | CVE-2023-30478 | Cross-Site Request Forgery (CSRF) vulnerability in Tribulant Newsletters Cross-Site Request Forgery (CSRF) vulnerability in Tribulant Newsletters plugin <= 4.8.8 versions. | 8.8 |
| 2021-11-23 | CVE-2021-24882 | Cross-site Scripting vulnerability in Tribulant Slideshow Gallery The Slideshow Gallery WordPress plugin before 1.7.4 does not sanitise and escape the Slide "Title", "Description", and Gallery "Title" fields, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed | 4.8 |
| 2021-01-01 | CVE-2020-35932 | Deserialization of Untrusted Data vulnerability in Tribulant Newsletter Insecure Deserialization in the Newsletter plugin before 6.8.2 for WordPress allows authenticated remote attackers with minimal privileges (such as subscribers) to use the tpnc_render AJAX action to inject arbitrary PHP objects via the options[inline_edits] parameter. | 8.8 |