Vulnerabilities > Tribulant > High

DATE CVE VULNERABILITY TITLE RISK
2024-09-06 CVE-2024-8247 Unspecified vulnerability in Tribulant Newsletters
The Newsletters plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 4.9.9.2.
network
low complexity
tribulant
8.8
8.8
2024-06-21 CVE-2024-37227 Cross-Site Request Forgery (CSRF) vulnerability in Tribulant Newsletters
Cross Site Request Forgery (CSRF) vulnerability in Tribulant Newsletters.This issue affects Newsletters: from n/a through 4.9.7.
network
low complexity
tribulant CWE-352
8.8
8.8
2024-01-16 CVE-2023-4797 Command Injection vulnerability in Tribulant Newsletters
The Newsletters WordPress plugin before 4.9.3 does not properly escape user-controlled parameters when they are appended to SQL queries and shell commands, which could enable an administrator to run arbitrary commands on the server.
network
low complexity
tribulant CWE-77
7.2
7.2
2023-12-20 CVE-2023-28491 SQL Injection vulnerability in Tribulant Slideshow Gallery
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Tribulant Slideshow Gallery LITE.This issue affects Slideshow Gallery LITE: from n/a through 1.7.6.
network
low complexity
tribulant CWE-89
7.2
7.2
2023-11-12 CVE-2023-28497 Cross-Site Request Forgery (CSRF) vulnerability in Tribulant Slideshow Gallery
Cross-Site Request Forgery (CSRF) vulnerability in Tribulant Slideshow Gallery LITE plugin <= 1.7.6 versions.
network
low complexity
tribulant CWE-352
8.8
8.8
2023-11-10 CVE-2023-30478 Cross-Site Request Forgery (CSRF) vulnerability in Tribulant Newsletters
Cross-Site Request Forgery (CSRF) vulnerability in Tribulant Newsletters plugin <= 4.8.8 versions.
network
low complexity
tribulant CWE-352
8.8
8.8
2019-08-22 CVE-2018-20987 Deserialization of Untrusted Data vulnerability in Tribulant Newsletters
The newsletters-lite plugin before 4.6.8.6 for WordPress has PHP object injection.
network
low complexity
tribulant CWE-502
7.5
7.5
2019-08-15 CVE-2019-14788 Path Traversal vulnerability in Tribulant Newsletters
wp-admin/admin-ajax.php?action=newsletters_exportmultiple in the Tribulant Newsletters plugin before 4.6.19 for WordPress allows directory traversal with resultant remote PHP code execution via the subscribers[1][1] parameter in conjunction with an exportfile=../ value.
network
low complexity
tribulant CWE-22
8.8
8.8
2019-04-15 CVE-2018-18018 SQL Injection vulnerability in Tribulant Slideshow Gallery 1.6.8
SQL Injection exists in the Tribulant Slideshow Gallery plugin 1.6.8 for WordPress via the wp-admin/admin.php?page=slideshow-galleries&method=save Gallery[id] or Gallery[title] parameter.
network
low complexity
tribulant CWE-89
7.5
7.5