Vulnerabilities > Tribulant

DATE CVE VULNERABILITY TITLE RISK
2019-08-30 CVE-2019-15828 Cross-Site Request Forgery (CSRF) vulnerability in Tribulant ONE Click SSL
The one-click-ssl plugin before 1.4.7 for WordPress has CSRF.
network
low complexity
tribulant CWE-352
8.8
8.8
2019-08-22 CVE-2018-20987 Deserialization of Untrusted Data vulnerability in Tribulant Newsletters
The newsletters-lite plugin before 4.6.8.6 for WordPress has PHP object injection.
network
low complexity
tribulant CWE-502
critical
 9.8
9.8
2019-08-15 CVE-2019-14788 Path Traversal vulnerability in Tribulant Newsletters
wp-admin/admin-ajax.php?action=newsletters_exportmultiple in the Tribulant Newsletters plugin before 4.6.19 for WordPress allows directory traversal with resultant remote PHP code execution via the subscribers[1][1] parameter in conjunction with an exportfile=../ value.
network
low complexity
tribulant CWE-22
8.8
8.8
2019-08-09 CVE-2019-14787 Cross-site Scripting vulnerability in Tribulant Newsletters
The Tribulant Newsletters plugin before 4.6.19 for WordPress allows XSS via the wp-admin/admin-ajax.php?action=newsletters_load_new_editor contentarea parameter.
network
low complexity
tribulant CWE-79
5.4
5.4
2019-04-15 CVE-2018-18019 Cross-site Scripting vulnerability in Tribulant Slideshow Gallery 1.6.8
XSS exists in the Tribulant Slideshow Gallery plugin 1.6.8 for WordPress via the wp-admin/admin.php?page=slideshow-slides&method=save Slide[title], Slide[media_file], or Slide[image_url] parameter.
network
low complexity
tribulant CWE-79
6.1
6.1
2019-04-15 CVE-2018-18018 SQL Injection vulnerability in Tribulant Slideshow Gallery 1.6.8
SQL Injection exists in the Tribulant Slideshow Gallery plugin 1.6.8 for WordPress via the wp-admin/admin.php?page=slideshow-galleries&method=save Gallery[id] or Gallery[title] parameter.
network
low complexity
tribulant CWE-89
critical
 9.8
9.8
2019-04-15 CVE-2018-18017 Cross-site Scripting vulnerability in Tribulant Slideshow Gallery 1.6.8
XSS exists in the Tribulant Slideshow Gallery plugin 1.6.8 for WordPress via the wp-admin/admin.php?page=slideshow-galleries&method=save Gallery[id] or Gallery[title] parameter.
network
low complexity
tribulant CWE-79
6.1
6.1
2018-10-03 CVE-2018-17946 Cross-site Scripting vulnerability in Tribulant Slideshow Gallery
The Tribulant Slideshow Gallery plugin before 1.6.6.1 for WordPress has XSS via the id, method, Gallerymessage, Galleryerror, or Galleryupdated parameter.
network
low complexity
tribulant CWE-79
6.1
6.1