Vulnerabilities > Tribulant
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-01-01 | CVE-2020-35932 | Deserialization of Untrusted Data vulnerability in Tribulant Newsletter Insecure Deserialization in the Newsletter plugin before 6.8.2 for WordPress allows authenticated remote attackers with minimal privileges (such as subscribers) to use the tpnc_render AJAX action to inject arbitrary PHP objects via the options[inline_edits] parameter. | 8.8 |
| 2019-08-30 | CVE-2019-15828 | Cross-Site Request Forgery (CSRF) vulnerability in Tribulant ONE Click SSL The one-click-ssl plugin before 1.4.7 for WordPress has CSRF. | 8.8 |
| 2019-08-22 | CVE-2018-20987 | Deserialization of Untrusted Data vulnerability in Tribulant Newsletters The newsletters-lite plugin before 4.6.8.6 for WordPress has PHP object injection. | 9.8 |
| 2019-08-15 | CVE-2019-14788 | Path Traversal vulnerability in Tribulant Newsletters wp-admin/admin-ajax.php?action=newsletters_exportmultiple in the Tribulant Newsletters plugin before 4.6.19 for WordPress allows directory traversal with resultant remote PHP code execution via the subscribers[1][1] parameter in conjunction with an exportfile=../ value. | 8.8 |
| 2019-08-09 | CVE-2019-14787 | Cross-site Scripting vulnerability in Tribulant Newsletters The Tribulant Newsletters plugin before 4.6.19 for WordPress allows XSS via the wp-admin/admin-ajax.php?action=newsletters_load_new_editor contentarea parameter. | 5.4 |
| 2019-04-15 | CVE-2018-18019 | Cross-site Scripting vulnerability in Tribulant Slideshow Gallery 1.6.8 XSS exists in the Tribulant Slideshow Gallery plugin 1.6.8 for WordPress via the wp-admin/admin.php?page=slideshow-slides&method=save Slide[title], Slide[media_file], or Slide[image_url] parameter. | 6.1 |
| 2019-04-15 | CVE-2018-18018 | SQL Injection vulnerability in Tribulant Slideshow Gallery 1.6.8 SQL Injection exists in the Tribulant Slideshow Gallery plugin 1.6.8 for WordPress via the wp-admin/admin.php?page=slideshow-galleries&method=save Gallery[id] or Gallery[title] parameter. | 9.8 |
| 2019-04-15 | CVE-2018-18017 | Cross-site Scripting vulnerability in Tribulant Slideshow Gallery 1.6.8 XSS exists in the Tribulant Slideshow Gallery plugin 1.6.8 for WordPress via the wp-admin/admin.php?page=slideshow-galleries&method=save Gallery[id] or Gallery[title] parameter. | 6.1 |
| 2018-10-03 | CVE-2018-17946 | Cross-site Scripting vulnerability in Tribulant Slideshow Gallery The Tribulant Slideshow Gallery plugin before 1.6.6.1 for WordPress has XSS via the id, method, Gallerymessage, Galleryerror, or Galleryupdated parameter. | 6.1 |