Vulnerabilities > Tribulant > Newsletters > 4.9.4

DATE CVE VULNERABILITY TITLE RISK
2025-03-22 CVE-2024-13739 Cross-site Scripting vulnerability in Tribulant Newsletters
The Newsletters plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the "to" parameter in all versions up to, and including, 4.9.9.7 due to insufficient input sanitization and output escaping.
network
low complexity
tribulant CWE-79
6.1
6.1
2024-09-06 CVE-2024-8247 Unspecified vulnerability in Tribulant Newsletters
The Newsletters plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 4.9.9.2.
network
low complexity
tribulant
8.8
8.8
2024-06-21 CVE-2024-37227 Cross-Site Request Forgery (CSRF) vulnerability in Tribulant Newsletters
Cross Site Request Forgery (CSRF) vulnerability in Tribulant Newsletters.This issue affects Newsletters: from n/a through 4.9.7.
network
low complexity
tribulant CWE-352
8.8
8.8
2024-06-08 CVE-2024-35718 Unspecified vulnerability in Tribulant Newsletters
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Tribulant Newsletters allows Reflected XSS.This issue affects Newsletters: from n/a through 4.9.5.
network
low complexity
tribulant
6.1
6.1