Vulnerabilities and security researches forwp-mailster wp-mailster

Jun 15, 2026

CVE, Research URL: 5b638eae1d2850eb51a100ba4391551529bfdb43
Home page URL: Security reports for WP Mailster
Application: WP Mailster
Date: Dec 06, 2017
Research Description: WP Mailster [wp-mailster] < 1.5.5 WordPress WP Mailster plugin <=1.5.4 - Unauthenticated Cross-Site Scripting (XSS) vulnerability Unauthenticated Cross-Site Scripting (XSS) vulnerability found by Ricardo Sanchez in WordPress WP Mailster plugin (versions <=1.5.4).
Affected versions: max 1.5.5.
Status: vulnerable

May 06, 2025

CVE, Research URL: CVE-2024-53805
Home page URL: Security reports for WP Mailster
Application: WP Mailster
Date: Dec 06, 2024
Research Description: Missing Authorization vulnerability in brandtoss WP Mailster wp-mailster allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Mailster: from n/a through <= 1.8.16.0.
Affected versions: max 1.8.17.0.
Status: vulnerable

CVE, Research URL: CVE-2024-53804
Home page URL: Security reports for WP Mailster
Application: WP Mailster
Date: Dec 06, 2024
Research Description: Insertion of Sensitive Information Into Sent Data vulnerability in brandtoss WP Mailster wp-mailster allows Retrieve Embedded Sensitive Data.This issue affects WP Mailster: from n/a through <= 1.8.16.0.
Affected versions: max 1.8.17.0.
Status: vulnerable

CVE, Research URL: CVE-2025-24598
Home page URL: Security reports for WP Mailster
Application: WP Mailster
Date: Feb 04, 2025
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in brandtoss WP Mailster wp-mailster allows Reflected XSS.This issue affects WP Mailster: from n/a through <= 1.8.17.0.
Affected versions: max 1.8.18.0.
Status: vulnerable

CVE, Research URL: CVE-2024-53803
Home page URL: Security reports for WP Mailster
Application: WP Mailster
Date: Dec 06, 2024
Research Description: Missing Authorization vulnerability in brandtoss WP Mailster wp-mailster allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Mailster: from n/a through <= 1.8.16.0.
Affected versions: max 1.8.17.0.
Status: vulnerable

CVE, Research URL: CVE-2024-53807
Home page URL: Security reports for WP Mailster
Application: WP Mailster
Date: Dec 06, 2024
Research Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in brandtoss WP Mailster wp-mailster allows Blind SQL Injection.This issue affects WP Mailster: from n/a through <= 1.8.16.0.
Affected versions: max 1.8.17.0.
Status: vulnerable

Feb 16, 2025

CVE, Research URL: CVE-2025-24567
Home page URL: Security reports for WP Mailster
Application: WP Mailster
Date: Feb 14, 2025
Research Description: Insertion of Sensitive Information Into Sent Data vulnerability in brandtoss WP Mailster wp-mailster allows Retrieve Embedded Sensitive Data.This issue affects WP Mailster: from n/a through <= 1.8.16.0.
Affected versions: max 1.8.17.0.
Status: vulnerable

CVE, Research URL: CVE-2025-24688
Home page URL: Security reports for WP Mailster
Application: WP Mailster
Date: Feb 14, 2025
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in brandtoss WP Mailster wp-mailster allows Reflected XSS.This issue affects WP Mailster: from n/a through <= 1.8.20.0.
Affected versions: max 1.8.21.0.
Status: vulnerable

Feb 05, 2025

CVE, Research URL: CVE-2025-24559
Home page URL: Security reports for WP Mailster
Application: WP Mailster
Date: Feb 03, 2025
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in brandtoss WP Mailster wp-mailster allows Reflected XSS.This issue affects WP Mailster: from n/a through <= 1.8.15.0.
Affected versions: max 1.8.16.0.
Status: vulnerable

Jan 09, 2025

CVE, Research URL: CVE-2025-22303
Home page URL: Security reports for WP Mailster
Application: WP Mailster
Date: Jan 07, 2025
Research Description: Insertion of Sensitive Information Into Sent Data vulnerability in brandtoss WP Mailster wp-mailster allows Retrieve Embedded Sensitive Data.This issue affects WP Mailster: from n/a through <= 1.8.17.0.
Affected versions: max 1.8.18.0.
Status: vulnerable

Dec 18, 2024

CVE, Research URL: CVE-2024-54355
Home page URL: Security reports for WP Mailster
Application: WP Mailster
Date: Dec 16, 2024
Research Description: Cross-Site Request Forgery (CSRF) vulnerability in brandtoss WP Mailster wp-mailster allows Cross Site Request Forgery.This issue affects WP Mailster: from n/a through <= 1.8.17.0.
Affected versions: max 1.8.18.0.
Status: vulnerable

Dec 06, 2024

CVE, Research URL: CVE-2024-11782
Home page URL: Security reports for WP Mailster
Application: WP Mailster
Date: Dec 03, 2024
Research Description: The WP Mailster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mst_subscribe' shortcode in all versions up to, and including, 1.8.17.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: max 1.8.18.0.
Status: vulnerable

Nov 26, 2024

CVE, Research URL: CVE-2024-53737
Home page URL: Security reports for WP Mailster
Application: WP Mailster
Date: Nov 28, 2024
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in brandtoss WP Mailster wp-mailster allows Stored XSS.This issue affects WP Mailster: from n/a through <= 1.8.16.0.
Affected versions: max 1.8.17.0.
Status: vulnerable

Jun 07, 2024

CVE, Research URL: CVE-2017-17451
Home page URL: Security reports for WP Mailster
Application: WP Mailster
Date: Dec 07, 2017
Research Description: The WP Mailster plugin before 1.5.5 for WordPress has XSS in the unsubscribe handler via the mes parameter to view/subscription/unsubscribe2.php.
Affected versions: max 1.5.5.
Status: vulnerable

CVE, Research URL: CVE-2021-28975
Home page URL: Security reports for WP Mailster
Application: WP Mailster
Date: Oct 21, 2021
Research Description: WP Mailster 1.6.18.0 allows XSS when a victim opens a mail server's details in the mst_servers page, for a crafted server_host, server_name, or connection_parameter parameter.
Affected versions: max 1.6.19.
Status: vulnerable