CVE-2024-8247 — CVSS 8.8 (high): The Newsletters plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 4.9.9.2. This is due to…
CVE-2019-14788 — CVSS 8.8 (high): wp-admin/admin-ajax.php?action=newsletters_exportmultiple in the Tribulant Newsletters plugin before 4.6.19 for WordPress allows directory…
CVE-2025-4857 — CVSS 7.2 (high): The Newsletters plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.9.9.9 via the 'file'…
CVE-2023-4797 — CVSS 7.2 (high): The Newsletters WordPress plugin before 4.9.3 does not properly escape user-controlled parameters when they are appended to SQL queries and…
CVE-2024-35718 — CVSS 7.1 (high): Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Tribulant Newsletters allows…
CVE-2024-10181 — CVSS 6.4 (medium): The Newsletters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's newsletters_video shortcode in all…
CVE-2024-13739 — CVSS 6.1 (medium): The Newsletters plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the "to" parameter in all versions up to, and…
CVE-2019-14787 — CVSS 5.4 (medium): The Tribulant Newsletters plugin before 4.6.19 for WordPress allows XSS via the wp-admin/admin-ajax.php?action=newsletters_load_new_editor…
CVE-2024-37227 — CVSS 4.3 (medium): Cross Site Request Forgery (CSRF) vulnerability in Tribulant Newsletters.This issue affects Newsletters: from n/a through 4.9.7.