Vulnerabilities > Tribulant > High

DATE CVE VULNERABILITY TITLE RISK
2024-09-06 CVE-2024-8247 Unspecified vulnerability in Tribulant Newsletters
The Newsletters plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 4.9.9.2.
network
low complexity
tribulant
8.8
2024-06-21 CVE-2024-37227 Cross-Site Request Forgery (CSRF) vulnerability in Tribulant Newsletters
Cross Site Request Forgery (CSRF) vulnerability in Tribulant Newsletters. This issue affects Newsletters: from n/a through 4.9.7.
network
low complexity
tribulant CWE-352
8.8
2024-01-16 CVE-2023-4797 Command Injection vulnerability in Tribulant Newsletters
The Newsletters WordPress plugin before 4.9.3 does not properly escape user-controlled parameters when they are appended to SQL queries and shell commands, which could enable an administrator to run arbitrary commands on the server.
network
low complexity
tribulant CWE-77
7.2
2023-12-20 CVE-2023-28491 Unspecified vulnerability in Tribulant Slideshow Gallery
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Tribulant Slideshow Gallery LITE. This issue affects Slideshow Gallery LITE: from n/a through 1.7.6.
network
low complexity
tribulant
7.2
2023-11-12 CVE-2023-28497 Cross-Site Request Forgery (CSRF) vulnerability in Tribulant Slideshow Gallery
Cross-Site Request Forgery (CSRF) vulnerability in Tribulant Slideshow Gallery LITE plugin <= 1.7.6 versions.
network
low complexity
tribulant CWE-352
8.8
2023-11-10 CVE-2023-30478 Unspecified vulnerability in Tribulant Newsletters
Cross-Site Request Forgery (CSRF) vulnerability in Tribulant Newsletters plugin <= 4.8.8 versions.
network
low complexity
tribulant
8.8
2021-01-01 CVE-2020-35932 Deserialization of Untrusted Data vulnerability in Tribulant Newsletter
Insecure Deserialization in the Newsletter plugin before 6.8.2 for WordPress allows authenticated remote attackers with minimal privileges (such as subscribers) to use the tpnc_render AJAX action to inject arbitrary PHP objects via the options[inline_edits] parameter.
network
low complexity
tribulant CWE-502
8.8
2019-08-30 CVE-2019-15828 Cross-Site Request Forgery (CSRF) vulnerability in Tribulant ONE Click SSL
The one-click-ssl plugin before 1.4.7 for WordPress has CSRF.
network
low complexity
tribulant CWE-352
8.8
2019-08-15 CVE-2019-14788 Path Traversal vulnerability in Tribulant Newsletters
wp-admin/admin-ajax.php?action=newsletters_exportmultiple in the Tribulant Newsletters plugin before 4.6.19 for WordPress allows directory traversal with resultant remote PHP code execution via the subscribers[1][1] parameter in conjunction with an exportfile=../ value.
network
low complexity
tribulant CWE-22
8.8