cbcvebase.

Mail-Masta Project Mail-Masta vulnerabilities

14 known vulnerabilities affecting mail-masta_project/mail-masta.

Total CVEs
14
CISA KEV
0
Public exploits
5
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH13

Vulnerabilities

Page 1 of 1
CVE-2017-6095P2CRITICALCVSS 9.8PoCv1.02017-02-21
CVE-2017-6095 [CRITICAL] CWE-89 CVE-2017-6095: A SQL injection issue was discovered in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. Th A SQL injection issue was discovered in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects /inc/lists/csvexport.php (Unauthenticated) with the GET Parameter: list_id.
nvd
CVE-2016-10956P3HIGHCVSS 7.5PoCv1.02019-09-16
CVE-2016-10956 [HIGH] CWE-20 CVE-2016-10956: The mail-masta plugin 1.0 for WordPress has local file inclusion in count_of_send.php and csvexport. The mail-masta plugin 1.0 for WordPress has local file inclusion in count_of_send.php and csvexport.php.
nvd
CVE-2017-6097P3HIGHCVSS 7.2PoCv1.02017-02-21
CVE-2017-6097 [HIGH] CWE-89 CVE-2017-6097: A SQL injection issue was discovered in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. Th A SQL injection issue was discovered in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects /inc/campaign/count_of_send.php (Requires authentication to Wordpress admin) with the POST Parameter: camp_id.
nvd
CVE-2017-6096P3HIGHCVSS 7.2PoCv1.02017-02-21
CVE-2017-6096 [HIGH] CWE-89 CVE-2017-6096: A SQL injection issue was discovered in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. Th A SQL injection issue was discovered in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects /inc/lists/view-list.php (Requires authentication to Wordpress admin) with the GET Parameter: filter_list.
nvd
CVE-2017-6098P3HIGHCVSS 7.2PoCv1.02017-02-21
CVE-2017-6098 [HIGH] CWE-89 CVE-2017-6098: A SQL injection issue was discovered in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. Th A SQL injection issue was discovered in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects /inc/campaign_save.php (Requires authentication to Wordpress admin) with the POST Parameter: list_id.
nvd
CVE-2017-6570P3HIGHCVSS 7.2v1.02017-03-09
CVE-2017-6570 [HIGH] CWE-89 CVE-2017-6570: A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/campaign/view-campaign-list.php with the GET Parameter: id.
nvd
CVE-2017-6575P3HIGHCVSS 7.2v1.02017-03-09
CVE-2017-6575 [HIGH] CWE-89 CVE-2017-6575: A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/lists/edit_member.php with the GET Parameter: member_id.
nvd
CVE-2017-6573P3HIGHCVSS 7.2v1.02017-03-09
CVE-2017-6573 [HIGH] CWE-89 CVE-2017-6573: A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/lists/edit-list.php with the GET Parameter: id.
nvd
CVE-2017-6576P3HIGHCVSS 7.2v1.02017-03-09
CVE-2017-6576 [HIGH] CWE-89 CVE-2017-6576: A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/campaign/campaign-delete.php with the GET Parameter: id.
nvd
CVE-2017-6577P3HIGHCVSS 7.2v1.02017-03-09
CVE-2017-6577 [HIGH] CWE-89 CVE-2017-6577: A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/subscriber_list.php with the POST Parameter: list_id.
nvd
CVE-2017-6572P3HIGHCVSS 7.2v1.02017-03-09
CVE-2017-6572 [HIGH] CWE-89 CVE-2017-6572: A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/lists/add_member.php with the GET Parameter: filter_list.
nvd
CVE-2017-6574P3HIGHCVSS 7.2v1.02017-03-09
CVE-2017-6574 [HIGH] CWE-89 CVE-2017-6574: A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/lists/edit_member.php with the GET Parameter: filter_list.
nvd
CVE-2017-6578P3HIGHCVSS 7.2v1.02017-03-09
CVE-2017-6578 [HIGH] CWE-89 CVE-2017-6578: A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/subscriber_list.php with the POST Parameter: subscriber_email.
nvd
CVE-2017-6571P3HIGHCVSS 7.2v1.02017-03-09
CVE-2017-6571 [HIGH] CWE-89 CVE-2017-6571: A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/campaign/view-campaign.php with the GET Parameter: id.
nvd
Mail-Masta Project Mail-Masta vulnerabilities | cvebase