The mail-masta plugin 1.0 for WordPress has local file inclusion in count_of_send.php and csvexport.php.
CVSS
7.5
HIGH
Published
Sep 16, 2019
Loading
Vendor coverage
Track published CVEs, severity trends, and remediation context for mail-masta_project products.
Search results
Showing 1-14 of 14 vulnerabilities.
The mail-masta plugin 1.0 for WordPress has local file inclusion in count_of_send.php and csvexport.php.
CVSS
7.5
HIGH
Published
Sep 16, 2019
A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/subscriber_list.php with the POST Parameter: subscriber_email.
CVSS
7.2
HIGH
Published
Mar 9, 2017
A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/subscriber_list.php with the POST Parameter: list_id.
CVSS
7.2
HIGH
Published
Mar 9, 2017
A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/campaign/campaign-delete.php with the GET Parameter: id.
CVSS
7.2
HIGH
Published
Mar 9, 2017
A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/lists/edit_member.php with the GET Parameter: member_id.
CVSS
7.2
HIGH
Published
Mar 9, 2017
A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/lists/edit_member.php with the GET Parameter: filter_list.
CVSS
7.2
HIGH
Published
Mar 9, 2017
A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/lists/edit-list.php with the GET Parameter: id.
CVSS
7.2
HIGH
Published
Mar 9, 2017
A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/lists/add_member.php with the GET Parameter: filter_list.
CVSS
7.2
HIGH
Published
Mar 9, 2017
A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/campaign/view-campaign.php with the GET Parameter: id.
CVSS
7.2
HIGH
Published
Mar 9, 2017
A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/campaign/view-campaign-list.php with the GET Parameter: id.
CVSS
7.2
HIGH
Published
Mar 9, 2017
A SQL injection issue was discovered in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects /inc/campaign_save.php (Requires authentication to Wordpress admin) with the POST Parameter: list_id.
CVSS
7.2
HIGH
Published
Feb 21, 2017
A SQL injection issue was discovered in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects /inc/campaign/count_of_send.php (Requires authentication to Wordpress admin) with the POST Parameter: camp_id.
CVSS
7.2
HIGH
Published
Feb 21, 2017
A SQL injection issue was discovered in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects /inc/lists/view-list.php (Requires authentication to Wordpress admin) with the GET Parameter: filter_list.
CVSS
7.2
HIGH
Published
Feb 21, 2017
A SQL injection issue was discovered in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects /inc/lists/csvexport.php (Unauthenticated) with the GET Parameter: list_id.
CVSS
9.8
CRITICAL
Published
Feb 21, 2017