cleantalk
Vulnerabilities and Security Researches

Mailster WordPress Newsletter Plugin Compatibility Tester, 35c42744-3eb8-4dff-9b8f-3c61a8f395fd

CVE, Research URL

35c42744-3eb8-4dff-9b8f-3c61a8f395fd

Home page URL

Security reports for Mailster WordPress Newsletter Plugin Compatibility Tester

Application

Mailster WordPress Newsletter Plugin Compatibility Tester

Published on
-
Research Description
Mailster WordPress Newsletter Plugin [mailster] < 2.4.9 Mailster Gravity Forms &lt; 2.4.9 - Unauthenticated Stored Cross-Site Scripting (XSS) Mailster [1] is a newsletter plugin for WordPress. It allows to create, send and track the newsletter campaigns. Compass Security identified a stored Cross-Site Scripting (XSS) vulnerability affecting the administration interface. Successful exploitation requires no authentication and can be performed remotely. [1] https://codecanyon.net/item/mailster-email-newsletter-plugin-for-wordpress/3078294
Affected versions
max 2.4.9.
Status
vulnerable
Previous vulnerability researches
WP Mailster (CVE-2024-53737) , Nov 26, 2024
WP Mailster (CVE-2024-53805) , May 06, 2025
WP Mailster (CVE-2024-53804) , May 06, 2025
WP Mailster (CVE-2025-24598) , May 06, 2025
WP Mailster (CVE-2024-53803) , May 06, 2025
New vulnerability
leenk.me (753d31765913b4d2dbb8af0a5512e5f1f8c70c61) , Jun 16, 2026
Social Hashtags (5abd4657-8a58-4d97-b8cb-b67235ab5b8a) , Jun 16, 2026
Social Hashtags (1965c7b04565befbb11c28b56cb6922733a47b03) , Jun 16, 2026
Social Hashtags (a7cf6766582e354e702766a86f85716127d19bdc) , Jun 16, 2026
Simple Calendar &#8211; Google Calendar Plugin (e98a6264-9c5a-417f-b2f8-bd0017b411a0) , Jun 16, 2026