Tribulant Newsletters
13 CVEs affecting Tribulant Newsletters. Latest disclosed: 2025-05-31. Critical: 2, High: 6.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2018-20987 | Critical | 9.8 | 2019-08-22 | The newsletters-lite plugin before 4.6.8.6 for WordPress has PHP object injection. |
CVE-2024-32954 | Critical | 9.1 | 2024-04-24 | Unrestricted Upload of File with Dangerous Type vulnerability in Tribulant Newsletters.This issue affects Newsletters: from n/a through 4.9.5. |
CVE-2024-8247 | High | 8.8 | 2024-09-06 | The Newsletters plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 4.9.9.2. This is due to the plugin not restric… |
CVE-2019-14788 | High | 8.8 | 2019-08-15 | wp-admin/admin-ajax.php?action=newsletters_exportmultiple in the Tribulant Newsletters plugin before 4.6.19 for WordPress allows directory traversal with resul… |
CVE-2025-4857 | High | 7.2 | 2025-05-31 | The Newsletters plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.9.9.9 via the 'file' parameter. This makes i… |
CVE-2023-4797 | High | 7.2 | 2024-01-16 | The Newsletters WordPress plugin before 4.9.3 does not properly escape user-controlled parameters when they are appended to SQL queries and shell commands, whi… |
CVE-2024-43279 | High | 7.1 | 2024-08-18 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Tribulant Newsletters allows Reflected XSS.This is… |
CVE-2024-35718 | High | 7.1 | 2024-06-08 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Tribulant Newsletters allows Reflected XSS.This is… |
CVE-2024-10181 | Medium | 6.4 | 2024-10-29 | The Newsletters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's newsletters_video shortcode in all versions up to, and inclu… |
CVE-2024-13739 | Medium | 6.1 | 2025-03-22 | The Newsletters plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the "to" parameter in all versions up to, and including, 4.9.9.7 due t… |
CVE-2023-30478 | Medium | 5.4 | 2023-11-10 | Cross-Site Request Forgery (CSRF) vulnerability in Tribulant Newsletters plugin <= 4.8.8 versions. |
CVE-2019-14787 | Medium | 5.4 | 2019-08-09 | The Tribulant Newsletters plugin before 4.6.19 for WordPress allows XSS via the wp-admin/admin-ajax.php?action=newsletters_load_new_editor contentarea paramete… |
CVE-2024-37227 | Medium | 4.3 | 2024-06-21 | Cross Site Request Forgery (CSRF) vulnerability in Tribulant Newsletters.This issue affects Newsletters: from n/a through 4.9.7. |