Contrid Newsletters

8 CVEs affecting Contrid Newsletters. Latest disclosed: 2026-06-10. Critical: 0, High: 4.

Top CVEs affecting Contrid Newsletters
CVESeverityScorePublishedSummary
CVE-2024-8247High8.82024-09-06The Newsletters plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 4.9.9.2. This is due to the plugin not restric…
CVE-2026-3018High7.52026-06-10The Newsletters plugin for WordPress is vulnerable to time-based SQL Injection via the ‘wpmlsubscriber_id’ parameter in all versions up to, and including, 4.13…
CVE-2025-4857High7.22025-05-31The Newsletters plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.9.9.9 via the 'file' parameter. This makes i…
CVE-2025-2009High7.22025-03-26The Newsletters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the logging functionality in all versions up to, and including, 4.9.9.7 d…
CVE-2025-3107Medium6.52025-05-13The Newsletters plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby' parameter in all versions up to, and including, 4.9.9.8 due to…
CVE-2024-10181Medium6.42024-10-29The Newsletters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's newsletters_video shortcode in all versions up to, and inclu…
CVE-2024-13739Medium6.12025-03-22The Newsletters plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the "to" parameter in all versions up to, and including, 4.9.9.7 due t…
CVE-2024-7411Medium5.32024-08-15The Newsletters plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 4.9.9. This is due the plugin not preventing d…