Vulnerabilities > Tribulant > Newsletter > 4.6.6.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-01-01 | CVE-2020-35932 | Deserialization of Untrusted Data vulnerability in Tribulant Newsletter Insecure Deserialization in the Newsletter plugin before 6.8.2 for WordPress allows authenticated remote attackers with minimal privileges (such as subscribers) to use the tpnc_render AJAX action to inject arbitrary PHP objects via the options[inline_edits] parameter. | 6.0 |