Vulnerabilities > Tribulant > Newsletters > 4.9.8

DATE CVE VULNERABILITY TITLE RISK
2025-03-22 CVE-2024-13739 Cross-site Scripting vulnerability in Tribulant Newsletters
The Newsletters plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the "to" parameter in all versions up to, and including, 4.9.9.7 due to insufficient input sanitization and output escaping.
network
low complexity
tribulant CWE-79
6.1
6.1
2024-09-06 CVE-2024-8247 Unspecified vulnerability in Tribulant Newsletters
The Newsletters plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 4.9.9.2.
network
low complexity
tribulant
8.8
8.8