Vulnerabilities > Tribulant
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-04-10 | CVE-2024-31353 | Information Exposure Through Log Files vulnerability in Tribulant Slideshow Gallery Insertion of Sensitive Information into Log File vulnerability in Tribulant Slideshow Gallery.This issue affects Slideshow Gallery: from n/a through 1.7.8. | 5.3 |
| 2024-01-16 | CVE-2023-4797 | Command Injection vulnerability in Tribulant Newsletters The Newsletters WordPress plugin before 4.9.3 does not properly escape user-controlled parameters when they are appended to SQL queries and shell commands, which could enable an administrator to run arbitrary commands on the server. | 7.2 |
| 2023-12-20 | CVE-2023-28491 | SQL Injection vulnerability in Tribulant Slideshow Gallery Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Tribulant Slideshow Gallery LITE.This issue affects Slideshow Gallery LITE: from n/a through 1.7.6. | 7.2 |
| 2023-11-12 | CVE-2023-28497 | Cross-Site Request Forgery (CSRF) vulnerability in Tribulant Slideshow Gallery Cross-Site Request Forgery (CSRF) vulnerability in Tribulant Slideshow Gallery LITE plugin <= 1.7.6 versions. | 8.8 |
| 2023-11-10 | CVE-2023-30478 | Cross-Site Request Forgery (CSRF) vulnerability in Tribulant Newsletters Cross-Site Request Forgery (CSRF) vulnerability in Tribulant Newsletters plugin <= 4.8.8 versions. | 8.8 |
| 2021-11-23 | CVE-2021-24882 | Cross-site Scripting vulnerability in Tribulant Slideshow Gallery The Slideshow Gallery WordPress plugin before 1.7.4 does not sanitise and escape the Slide "Title", "Description", and Gallery "Title" fields, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed | 3.5 |
| 2021-01-01 | CVE-2020-35932 | Deserialization of Untrusted Data vulnerability in Tribulant Newsletter Insecure Deserialization in the Newsletter plugin before 6.8.2 for WordPress allows authenticated remote attackers with minimal privileges (such as subscribers) to use the tpnc_render AJAX action to inject arbitrary PHP objects via the options[inline_edits] parameter. | 6.0 |
| 2019-08-30 | CVE-2019-15828 | Cross-Site Request Forgery (CSRF) vulnerability in Tribulant ONE Click SSL The one-click-ssl plugin before 1.4.7 for WordPress has CSRF. | 6.8 |
| 2019-08-22 | CVE-2018-20987 | Deserialization of Untrusted Data vulnerability in Tribulant Newsletters The newsletters-lite plugin before 4.6.8.6 for WordPress has PHP object injection. | 7.5 |
| 2019-08-15 | CVE-2019-14788 | Path Traversal vulnerability in Tribulant Newsletters wp-admin/admin-ajax.php?action=newsletters_exportmultiple in the Tribulant Newsletters plugin before 4.6.19 for WordPress allows directory traversal with resultant remote PHP code execution via the subscribers[1][1] parameter in conjunction with an exportfile=../ value. | 8.8 |