4.9.2

DATE	CVE	VULNERABILITY TITLE	RISK
2024-01-16	CVE-2023-4797	Command Injection vulnerability in Tribulant Newsletters The Newsletters WordPress plugin before 4.9.3 does not properly escape user-controlled parameters when they are appended to SQL queries and shell commands, which could enable an administrator to run arbitrary commands on the server. network low complexity tribulant CWE-77	7.2

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.