Total
12 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-24598 | 1 Wpmailster | 1 Wp Mailster | 2025-02-11 | N/A | 7.1 HIGH |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in brandtoss WP Mailster allows Reflected XSS. This issue affects WP Mailster: from n/a through 1.8.17.0. | |||||
| CVE-2025-24559 | 1 Wpmailster | 1 Wp Mailster | 2025-02-11 | N/A | 7.1 HIGH |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in brandtoss WP Mailster allows Reflected XSS. This issue affects WP Mailster: from n/a through 1.8.15.0. | |||||
| CVE-2025-22303 | 1 Wpmailster | 1 Wp Mailster | 2025-02-11 | N/A | 5.3 MEDIUM |
| Insertion of Sensitive Information Into Sent Data vulnerability in brandtoss WP Mailster allows Retrieve Embedded Sensitive Data.This issue affects WP Mailster: from n/a through 1.8.17.0. | |||||
| CVE-2024-53804 | 1 Wpmailster | 1 Wp Mailster | 2025-02-11 | N/A | 7.5 HIGH |
| Insertion of Sensitive Information Into Sent Data vulnerability in brandtoss WP Mailster allows Retrieve Embedded Sensitive Data.This issue affects WP Mailster: from n/a through 1.8.16.0. | |||||
| CVE-2024-53805 | 1 Wpmailster | 1 Wp Mailster | 2025-02-11 | N/A | 7.5 HIGH |
| Missing Authorization vulnerability in brandtoss WP Mailster allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Mailster: from n/a through 1.8.16.0. | |||||
| CVE-2024-53737 | 1 Wpmailster | 1 Wp Mailster | 2025-02-10 | N/A | 6.5 MEDIUM |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Mailster allows Stored XSS.This issue affects WP Mailster: from n/a through 1.8.16.0. | |||||
| CVE-2024-11782 | 1 Wpmailster | 1 Wp Mailster | 2025-02-10 | N/A | 6.4 MEDIUM |
| The WP Mailster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mst_subscribe' shortcode in all versions up to, and including, 1.8.17.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2024-53803 | 1 Wpmailster | 1 Wp Mailster | 2025-02-10 | N/A | 6.5 MEDIUM |
| Missing Authorization vulnerability in brandtoss WP Mailster allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Mailster: from n/a through 1.8.16.0. | |||||
| CVE-2024-53807 | 1 Wpmailster | 1 Wp Mailster | 2025-02-07 | N/A | 8.5 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in brandtoss WP Mailster allows Blind SQL Injection.This issue affects WP Mailster: from n/a through 1.8.16.0. | |||||
| CVE-2024-54355 | 1 Wpmailster | 1 Wp Mailster | 2025-02-07 | N/A | 4.3 MEDIUM |
| Cross-Site Request Forgery (CSRF) vulnerability in brandtoss WP Mailster allows Cross Site Request Forgery.This issue affects WP Mailster: from n/a through 1.8.17.0. | |||||
| CVE-2021-28975 | 1 Wpmailster | 1 Wp Mailster | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| WP Mailster 1.6.18.0 allows XSS when a victim opens a mail server's details in the mst_servers page, for a crafted server_host, server_name, or connection_parameter parameter. | |||||
| CVE-2017-17451 | 1 Wpmailster | 1 Wp Mailster | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The WP Mailster plugin before 1.5.5 for WordPress has XSS in the unsubscribe handler via the mes parameter to view/subscription/unsubscribe2.php. | |||||