Vulnerabilities and security researches forwp-mailster wp-mailster

Jun 07, 2024

CVE, Research URL: CVE-2017-17451
Home page URL: Security reports for WP Mailster
Application: WP Mailster
Date: Dec 07, 2017
Research Description: The WP Mailster plugin before 1.5.5 for WordPress has XSS in the unsubscribe handler via the mes parameter to view/subscription/unsubscribe2.php.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2021-28975
Home page URL: Security reports for WP Mailster
Application: WP Mailster
Date: Oct 21, 2021
Research Description: WP Mailster 1.6.18.0 allows XSS when a victim opens a mail server's details in the mst_servers page, for a crafted server_host, server_name, or connection_parameter parameter.
Affected versions: Min -, max -.
Status: vulnerable

Nov 26, 2024

CVE, Research URL: CVE-2024-53737
Home page URL: Security reports for WP Mailster
Application: WP Mailster
Date: Nov 28, 2024
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Mailster allows Stored XSS.This issue affects WP Mailster: from n/a through 1.8.16.0.
Affected versions: Min -, max -.
Status: vulnerable

Dec 06, 2024

CVE, Research URL: CVE-2024-11782
Home page URL: Security reports for WP Mailster
Application: WP Mailster
Date: Dec 03, 2024
Research Description: The WP Mailster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mst_subscribe' shortcode in all versions up to, and including, 1.8.17.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: Min -, max -.
Status: vulnerable

Dec 18, 2024

CVE, Research URL: CVE-2024-54355
Home page URL: Security reports for WP Mailster
Application: WP Mailster
Date: Dec 16, 2024
Research Description: Cross-Site Request Forgery (CSRF) vulnerability in brandtoss WP Mailster allows Cross Site Request Forgery.This issue affects WP Mailster: from n/a through 1.8.17.0.
Affected versions: Min -, max -.
Status: vulnerable

Jan 09, 2025

CVE, Research URL: CVE-2025-22303
Home page URL: Security reports for WP Mailster
Application: WP Mailster
Date: Jan 07, 2025
Research Description: Insertion of Sensitive Information Into Sent Data vulnerability in brandtoss WP Mailster allows Retrieve Embedded Sensitive Data.This issue affects WP Mailster: from n/a through 1.8.17.0.
Affected versions: Min -, max -.
Status: vulnerable

Feb 05, 2025

CVE, Research URL: CVE-2025-24559
Home page URL: Security reports for WP Mailster
Application: WP Mailster
Date: Feb 03, 2025
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in brandtoss WP Mailster allows Reflected XSS. This issue affects WP Mailster: from n/a through 1.8.15.0.
Affected versions: Min -, max -.
Status: vulnerable

Feb 16, 2025

CVE, Research URL: CVE-2025-24567
Home page URL: Security reports for WP Mailster
Application: WP Mailster
Date: Feb 14, 2025
Research Description: Insertion of Sensitive Information Into Sent Data vulnerability in brandtoss WP Mailster allows Retrieve Embedded Sensitive Data. This issue affects WP Mailster: from n/a through 1.8.16.0.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2025-24688
Home page URL: Security reports for WP Mailster
Application: WP Mailster
Date: Feb 14, 2025
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in brandtoss WP Mailster allows Reflected XSS. This issue affects WP Mailster: from n/a through 1.8.20.0.
Affected versions: Min -, max -.
Status: vulnerable

May 06, 2025

CVE, Research URL: CVE-2024-53805
Home page URL: Security reports for WP Mailster
Application: WP Mailster
Date: Dec 06, 2024
Research Description: Missing Authorization vulnerability in brandtoss WP Mailster allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Mailster: from n/a through 1.8.16.0.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2024-53804
Home page URL: Security reports for WP Mailster
Application: WP Mailster
Date: Dec 06, 2024
Research Description: Insertion of Sensitive Information Into Sent Data vulnerability in brandtoss WP Mailster allows Retrieve Embedded Sensitive Data.This issue affects WP Mailster: from n/a through 1.8.16.0.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2025-24598
Home page URL: Security reports for WP Mailster
Application: WP Mailster
Date: Feb 04, 2025
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in brandtoss WP Mailster allows Reflected XSS. This issue affects WP Mailster: from n/a through 1.8.17.0.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2024-53803
Home page URL: Security reports for WP Mailster
Application: WP Mailster
Date: Dec 06, 2024
Research Description: Missing Authorization vulnerability in brandtoss WP Mailster allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Mailster: from n/a through 1.8.16.0.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2024-53807
Home page URL: Security reports for WP Mailster
Application: WP Mailster
Date: Dec 06, 2024
Research Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in brandtoss WP Mailster allows Blind SQL Injection.This issue affects WP Mailster: from n/a through 1.8.16.0.
Affected versions: Min -, max -.
Status: vulnerable