Vulnerabilities and security researches formailster mailster
Direction: ascendingJun 06, 2024
Mailster WordPress Newsletter Plugin Compatibility Tester # 9845eb1f34f6ca81265e33419f6dc11742e19c8c
- CVE, Research URL
- Date
- Oct 14, 2020
- Research Description
- Mailster WordPress Newsletter Plugin [mailster] < 2.4.9 WordPress Mailster plugin <= 2.4.8 - Stored Cross-Site Scripting (XSS) vulnerability Stored Cross-Site Scripting (XSS) vulnerability found by Thierry Viaccoz in WordPress Mailster plugin (versions <= 2.4.8).
- Affected versions
-
max 2.4.9.
- Status
-
vulnerable
Mailster WordPress Newsletter Plugin Compatibility Tester # CVE-2024-30503
- CVE, Research URL
- Date
- Mar 29, 2024
- Research Description
- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in EverPress Mailster mailster.This issue affects Mailster: from n/a through <= 4.0.6.
- Affected versions
-
max 2.0.0.
- Status
-
vulnerable
Mailster WordPress Newsletter Plugin Compatibility Tester # CVE-2024-32523
- CVE, Research URL
- Date
- May 17, 2024
- Research Description
- Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in EverPress Mailster mailster.This issue affects Mailster: from n/a through <= 4.0.6.
- Affected versions
-
max 4.0.7.
- Status
-
vulnerable
Jul 02, 2024
Mailster WordPress Newsletter Plugin Compatibility Tester # CVE-2024-37433
- CVE, Research URL
- Date
- Jul 22, 2024
- Research Description
- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in EverPress Mailster mailster.This issue affects Mailster: from n/a through <= 4.0.9.
- Affected versions
-
max 4.0.10.
- Status
-
vulnerable
Jan 10, 2026
Mailster WordPress Newsletter Plugin Compatibility Tester # CVE-2025-64203
- CVE, Research URL
- Date
- Dec 18, 2025
- Research Description
- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in EverPress Mailster mailster allows Reflected XSS.This issue affects Mailster: from n/a through < 4.1.14.
- Affected versions
-
max 4.1.14.
- Status
-
vulnerable
Jun 16, 2026
Mailster WordPress Newsletter Plugin Compatibility Tester # 1706fa51bc91d338c39038c7ab388537d6a12270
- CVE, Research URL
- Date
- Oct 14, 2020
- Research Description
- Mailster WordPress Newsletter Plugin [mailster] < 2.4.9 Mailster <= 2.4.5.1 - Stored Cross-Site Scripting The Mailster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the administration interface in versions up to, and including, 2.4.5.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
- Affected versions
-
max 2.4.9.
- Status
-
vulnerable
Mailster WordPress Newsletter Plugin Compatibility Tester # 35c42744-3eb8-4dff-9b8f-3c61a8f395fd
- CVE, Research URL
- Date
- -
- Research Description
- Mailster WordPress Newsletter Plugin [mailster] < 2.4.9 Mailster Gravity Forms < 2.4.9 - Unauthenticated Stored Cross-Site Scripting (XSS) Mailster [1] is a newsletter plugin for WordPress. It allows to create, send and track the newsletter campaigns. Compass Security identified a stored Cross-Site Scripting (XSS) vulnerability affecting the administration interface. Successful exploitation requires no authentication and can be performed remotely. [1] https://codecanyon.net/item/mailster-email-newsletter-plugin-for-wordpress/3078294
- Affected versions
-
max 2.4.9.
- Status
-
vulnerable