Wpmailster Wp_mailster
12 CVEs affecting Wpmailster Wp_mailster. Latest disclosed: 2025-02-04. Critical: 0, High: 5.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2024-53807 | High | 8.5 | 2024-12-06 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in brandtoss WP Mailster wp-mailster allows Blind SQL Inject… |
CVE-2024-53805 | High | 7.5 | 2024-12-06 | Missing Authorization vulnerability in brandtoss WP Mailster wp-mailster allows Exploiting Incorrectly Configured Access Control Security Levels.This issue aff… |
CVE-2024-53804 | High | 7.5 | 2024-12-06 | Insertion of Sensitive Information Into Sent Data vulnerability in brandtoss WP Mailster wp-mailster allows Retrieve Embedded Sensitive Data.This issue affects… |
CVE-2025-24598 | High | 7.1 | 2025-02-04 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in brandtoss WP Mailster wp-mailster allows Reflected XSS.Th… |
CVE-2025-24559 | High | 7.1 | 2025-02-03 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in brandtoss WP Mailster wp-mailster allows Reflected XSS.Th… |
CVE-2024-53803 | Medium | 6.5 | 2024-12-06 | Missing Authorization vulnerability in brandtoss WP Mailster wp-mailster allows Exploiting Incorrectly Configured Access Control Security Levels.This issue aff… |
CVE-2024-53737 | Medium | 6.5 | 2024-11-28 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in brandtoss WP Mailster wp-mailster allows Stored XSS.This… |
CVE-2024-11782 | Medium | 6.4 | 2024-12-03 | The WP Mailster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mst_subscribe' shortcode in all versions up to, and includi… |
CVE-2021-28975 | Medium | 6.1 | 2021-10-21 | WP Mailster 1.6.18.0 allows XSS when a victim opens a mail server's details in the mst_servers page, for a crafted server_host, server_name, or connection_para… |
CVE-2017-17451 | Medium | 6.1 | 2017-12-07 | The WP Mailster plugin before 1.5.5 for WordPress has XSS in the unsubscribe handler via the mes parameter to view/subscription/unsubscribe2.php. |
CVE-2025-22303 | Medium | 5.3 | 2025-01-07 | Insertion of Sensitive Information Into Sent Data vulnerability in brandtoss WP Mailster wp-mailster allows Retrieve Embedded Sensitive Data.This issue affects… |
CVE-2024-54355 | Medium | 4.3 | 2024-12-16 | Cross-Site Request Forgery (CSRF) vulnerability in brandtoss WP Mailster wp-mailster allows Cross Site Request Forgery.This issue affects WP Mailster: from n/a… |