Tribulant Newsletters

13 CVEs affecting Tribulant Newsletters. Latest disclosed: 2025-05-31. Critical: 2, High: 6.

Top CVEs affecting Tribulant Newsletters
CVESeverityScorePublishedSummary
CVE-2018-20987Critical9.82019-08-22The newsletters-lite plugin before 4.6.8.6 for WordPress has PHP object injection.
CVE-2024-32954Critical9.12024-04-24Unrestricted Upload of File with Dangerous Type vulnerability in Tribulant Newsletters.This issue affects Newsletters: from n/a through 4.9.5.
CVE-2024-8247High8.82024-09-06The Newsletters plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 4.9.9.2. This is due to the plugin not restric…
CVE-2019-14788High8.82019-08-15wp-admin/admin-ajax.php?action=newsletters_exportmultiple in the Tribulant Newsletters plugin before 4.6.19 for WordPress allows directory traversal with resul…
CVE-2025-4857High7.22025-05-31The Newsletters plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.9.9.9 via the 'file' parameter. This makes i…
CVE-2023-4797High7.22024-01-16The Newsletters WordPress plugin before 4.9.3 does not properly escape user-controlled parameters when they are appended to SQL queries and shell commands, whi…
CVE-2024-43279High7.12024-08-18Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Tribulant Newsletters allows Reflected XSS.This is…
CVE-2024-35718High7.12024-06-08Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Tribulant Newsletters allows Reflected XSS.This is…
CVE-2024-10181Medium6.42024-10-29The Newsletters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's newsletters_video shortcode in all versions up to, and inclu…
CVE-2024-13739Medium6.12025-03-22The Newsletters plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the "to" parameter in all versions up to, and including, 4.9.9.7 due t…
CVE-2023-30478Medium5.42023-11-10Cross-Site Request Forgery (CSRF) vulnerability in Tribulant Newsletters plugin <= 4.8.8 versions.
CVE-2019-14787Medium5.42019-08-09The Tribulant Newsletters plugin before 4.6.19 for WordPress allows XSS via the wp-admin/admin-ajax.php?action=newsletters_load_new_editor contentarea paramete…
CVE-2024-37227Medium4.32024-06-21Cross Site Request Forgery (CSRF) vulnerability in Tribulant Newsletters.This issue affects Newsletters: from n/a through 4.9.7.