Shodan
Vulnerabilities
Vulnerable Software
Wpmailster:  >> Wp Mailster  >> 1.4.17  Security Vulnerabilities
CVE-2025-24598
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in brandtoss WP Mailster allows Reflected XSS. This issue affects WP Mailster: from n/a through 1.8.17.0.
CVSS Score
7.1
EPSS Score
0.0
Published
2025-02-04
CVE-2025-24559
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in brandtoss WP Mailster allows Reflected XSS. This issue affects WP Mailster: from n/a through 1.8.15.0.
CVSS Score
7.1
EPSS Score
0.0
Published
2025-02-03
CVE-2025-22303
Insertion of Sensitive Information Into Sent Data vulnerability in brandtoss WP Mailster allows Retrieve Embedded Sensitive Data.This issue affects WP Mailster: from n/a through 1.8.17.0.
CVSS Score
5.3
EPSS Score
0.001
Published
2025-01-07
CVE-2024-54355
Cross-Site Request Forgery (CSRF) vulnerability in brandtoss WP Mailster allows Cross Site Request Forgery.This issue affects WP Mailster: from n/a through 1.8.17.0.
CVSS Score
4.3
EPSS Score
0.0
Published
2024-12-16
CVE-2024-53807
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in brandtoss WP Mailster allows Blind SQL Injection.This issue affects WP Mailster: from n/a through 1.8.16.0.
CVSS Score
8.5
EPSS Score
0.002
Published
2024-12-06
CVE-2024-53803
Missing Authorization vulnerability in brandtoss WP Mailster allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Mailster: from n/a through 1.8.16.0.
CVSS Score
6.5
EPSS Score
0.002
Published
2024-12-06
CVE-2024-53804
Insertion of Sensitive Information Into Sent Data vulnerability in brandtoss WP Mailster allows Retrieve Embedded Sensitive Data.This issue affects WP Mailster: from n/a through 1.8.16.0.
CVSS Score
7.5
EPSS Score
0.002
Published
2024-12-06
CVE-2024-53805
Missing Authorization vulnerability in brandtoss WP Mailster allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Mailster: from n/a through 1.8.16.0.
CVSS Score
7.5
EPSS Score
0.003
Published
2024-12-06
CVE-2024-11782
The WP Mailster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mst_subscribe' shortcode in all versions up to, and including, 1.8.17.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVSS Score
6.4
EPSS Score
0.0
Published
2024-12-03
CVE-2024-53737
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Mailster allows Stored XSS.This issue affects WP Mailster: from n/a through 1.8.16.0.
CVSS Score
6.5
EPSS Score
0.0
Published
2024-11-28


Products
Pricing
Contact Us

Shodan ® - All rights reserved