cvebase

Wpmailster Wp Mailster vulnerabilities

12 known vulnerabilities affecting wpmailster/wp_mailster.

Total CVEs: 12
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 4, MEDIUM 6

Vulnerabilities

CVE-2017-17451 | P3 | MEDIUM | CVSS 6.1 | PoC | fixed in 1.5.5 | 2017-12-07
CWE-79: The WP Mailster plugin before 1.5.5 for WordPress has XSS in the unsubscribe handler via the mes parameter to view/subscription/unsubscribe2.php.
Source: nvd

CVE-2024-53807 | P3 | CRITICAL | CVSS 9.8 | fixed in 1.8.17 | 2024-12-06
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in brandtoss WP Mailster wp-mailster allows Blind SQL Injection. This issue affects WP Mailster: from n/a through <= 1.8.16.0.
Source: nvd

CVE-2024-53805 | P3 | CRITICAL | CVSS 9.8 | fixed in 1.8.17 | 2024-12-06
CWE-862: Missing Authorization vulnerability in brandtoss WP Mailster wp-mailster allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Mailster: from n/a through <= 1.8.16.0.
Source: nvd

CVE-2024-53803 | P3 | HIGH | CVSS 8.8 | fixed in 1.8.17 | 2024-12-06
CWE-862: Missing Authorization vulnerability in brandtoss WP Mailster wp-mailster allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Mailster: from n/a through <= 1.8.16.0.
Source: nvd

CVE-2024-53804 | P3 | HIGH | CVSS 7.5 | fixed in 1.8.17 | 2024-12-06
CWE-201: Insertion of Sensitive Information Into Sent Data vulnerability in brandtoss WP Mailster wp-mailster allows Retrieve Embedded Sensitive Data. This issue affects WP Mailster: from n/a through <= 1.8.16.0.
Source: nvd

CVE-2025-22303 | P3 | HIGH | CVSS 7.5 | fixed in 1.8.18 | 2025-01-07
CWE-201: Insertion of Sensitive Information Into Sent Data vulnerability in brandtoss WP Mailster wp-mailster allows Retrieve Embedded Sensitive Data. This issue affects WP Mailster: from n/a through <= 1.8.17.0.
Source: nvd

CVE-2024-54355 | P3 | HIGH | CVSS 8.8 | fixed in 1.8.17 | 2024-12-16
CWE-352: Cross-Site Request Forgery (CSRF) vulnerability in brandtoss WP Mailster wp-mailster allows Cross Site Request Forgery. This issue affects WP Mailster: from n/a through <= 1.8.17.0.
Source: nvd

CVE-2024-53737 | P4 | MEDIUM | CVSS 5.4 | fixed in 1.8.17 | 2024-11-28
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in brandtoss WP Mailster wp-mailster allows Stored XSS. This issue affects WP Mailster: from n/a through <= 1.8.16.0.
Source: nvd

CVE-2021-28975 | P4 | MEDIUM | CVSS 6.1 | v1.6.18 | 2021-10-21
CWE-79: WP Mailster 1.6.18.0 allows XSS when a victim opens a mail server's details in the mst_servers page, for a crafted server_host, server_name, or connection_parameter parameter.
Source: nvd

CVE-2025-24559 | P4 | MEDIUM | CVSS 6.1 | fixed in 1.8.16 | 2025-02-03
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in brandtoss WP Mailster wp-mailster allows Reflected XSS. This issue affects WP Mailster: from n/a through <= 1.8.15.0.
Source: nvd

CVE-2025-24598 | P4 | MEDIUM | CVSS 6.1 | fixed in 1.8.18 | 2025-02-04
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in brandtoss WP Mailster wp-mailster allows Reflected XSS. This issue affects WP Mailster: from n/a through <= 1.8.17.0.
Source: nvd

CVE-2024-11782 | P4 | MEDIUM | CVSS 5.4 | fixed in 1.8.18 | 2024-12-03
CWE-79: The WP Mailster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mst_subscribe' shortcode in all versions up to, and including, 1.8.17.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above,
Source: nvd