1.6.19

DATE	CVE	VULNERABILITY TITLE	RISK
2025-02-04	CVE-2025-24598	Cross-site Scripting vulnerability in Wpmailster WP Mailster Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in brandtoss WP Mailster allows Reflected XSS. network low complexity wpmailster CWE-79	6.1
2025-02-03	CVE-2025-24559	Cross-site Scripting vulnerability in Wpmailster WP Mailster Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in brandtoss WP Mailster allows Reflected XSS. network low complexity wpmailster CWE-79	6.1
2025-01-07	CVE-2025-22303	Unspecified vulnerability in Wpmailster WP Mailster Insertion of Sensitive Information Into Sent Data vulnerability in brandtoss WP Mailster allows Retrieve Embedded Sensitive Data.This issue affects WP Mailster: from n/a through 1.8.17.0. network low complexity wpmailster	7.5
2024-12-16	CVE-2024-54355	Cross-Site Request Forgery (CSRF) vulnerability in Wpmailster WP Mailster Cross-Site Request Forgery (CSRF) vulnerability in brandtoss WP Mailster allows Cross Site Request Forgery.This issue affects WP Mailster: from n/a through 1.8.17.0. network low complexity wpmailster CWE-352	8.8
2024-12-06	CVE-2024-53803	Missing Authorization vulnerability in Wpmailster WP Mailster Missing Authorization vulnerability in brandtoss WP Mailster allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Mailster: from n/a through 1.8.16.0. network low complexity wpmailster CWE-862	8.8
2024-12-06	CVE-2024-53804	Unspecified vulnerability in Wpmailster WP Mailster Insertion of Sensitive Information Into Sent Data vulnerability in brandtoss WP Mailster allows Retrieve Embedded Sensitive Data.This issue affects WP Mailster: from n/a through 1.8.16.0. network low complexity wpmailster	7.5
2024-12-06	CVE-2024-53805	Unspecified vulnerability in Wpmailster WP Mailster Missing Authorization vulnerability in brandtoss WP Mailster allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Mailster: from n/a through 1.8.16.0. network low complexity wpmailster critical	9.8
2024-12-06	CVE-2024-53807	SQL Injection vulnerability in Wpmailster WP Mailster Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in brandtoss WP Mailster allows Blind SQL Injection.This issue affects WP Mailster: from n/a through 1.8.16.0. network low complexity wpmailster CWE-89 critical	9.8
2024-12-03	CVE-2024-11782	Cross-site Scripting vulnerability in Wpmailster WP Mailster The WP Mailster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mst_subscribe' shortcode in all versions up to, and including, 1.8.17.0 due to insufficient input sanitization and output escaping on user supplied attributes. network low complexity wpmailster CWE-79	5.4
2024-11-28	CVE-2024-53737	Cross-site Scripting vulnerability in Wpmailster WP Mailster Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Mailster allows Stored XSS.This issue affects WP Mailster: from n/a through 1.8.16.0. network low complexity wpmailster CWE-79	5.4