Contrid Newsletters
8 CVEs affecting Contrid Newsletters. Latest disclosed: 2026-06-10. Critical: 0, High: 4.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2024-8247 | High | 8.8 | 2024-09-06 | The Newsletters plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 4.9.9.2. This is due to the plugin not restric… |
| CVE-2026-3018 | High | 7.5 | 2026-06-10 | The Newsletters plugin for WordPress is vulnerable to time-based SQL Injection via the 'wpmlsubscriber_id' parameter in all versions up to, and including, 4.13… |
| CVE-2025-4857 | High | 7.2 | 2025-05-31 | The Newsletters plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.9.9.9 via the 'file' parameter. This makes i… |
| CVE-2025-2009 | High | 7.2 | 2025-03-26 | The Newsletters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the logging functionality in all versions up to, and including, 4.9.9.7 d… |
| CVE-2025-3107 | Medium | 6.5 | 2025-05-13 | The Newsletters plugin for WordPress is vulnerable to time-based SQL Injection via the 'orderby' parameter in all versions up to, and including, 4.9.9.8 due to… |
| CVE-2024-10181 | Medium | 6.4 | 2024-10-29 | The Newsletters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's newsletters_video shortcode in all versions up to, and inclu… |
| CVE-2024-13739 | Medium | 6.1 | 2025-03-22 | The Newsletters plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the "to" parameter in all versions up to, and including, 4.9.9.7 due t… |
| CVE-2024-7411 | Medium | 5.3 | 2024-08-15 | The Newsletters plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 4.9.9. This is due to the plugin not preventing d… |