VYPR

Tribulant Newsletters

by WordPress

CVEs (3)

  • CVE-2019-14788HigAug 15, 2019
    risk 0.57cvss 8.8epss 0.04

    wp-admin/admin-ajax.php?action=newsletters_exportmultiple in the Tribulant Newsletters plugin before 4.6.19 for WordPress allows directory traversal with resultant remote PHP code execution via the subscribers[1][1] parameter in conjunction with an exportfile=../ value.

  • CVE-2023-30478MedNov 10, 2023
    risk 0.35cvss 5.4epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Tribulant Newsletters plugin <= 4.8.8 versions.

  • CVE-2019-14787MedAug 9, 2019
    risk 0.35cvss 5.4epss 0.01

    The Tribulant Newsletters plugin before 4.6.19 for WordPress allows XSS via the wp-admin/admin-ajax.php?action=newsletters_load_new_editor contentarea parameter.