cleantalk
Vulnerabilities and Security Researches

Newsletters, CVE-2019-14788

CVE, Research URL

CVE-2019-14788

Home page URL

Security reports for Newsletters

Application

Newsletters

Published on
Aug 15, 2019
Research Description
wp-admin/admin-ajax.php?action=newsletters_exportmultiple in the Tribulant Newsletters plugin before 4.6.19 for WordPress allows directory traversal with resultant remote PHP code execution via the subscribers[1][1] parameter in conjunction with an exportfile=../ value.
Affected versions
Min -, max 4.6.19.
Status
vulnerable
Previous vulnerability researches
Newsletters (CVE-2024-37227) , Jun 24, 2024
Newsletters (CVE-2024-47346) , Oct 01, 2024
Newsletters (CVE-2024-7411) , Aug 16, 2024
Newsletters (CVE-2024-35718) , Jun 09, 2024
Newsletters (CVE-2024-13739) , Mar 23, 2025
New vulnerability
Frontend Dashboard (CVE-2025-4474) , May 14, 2025
Frontend Dashboard (CVE-2025-4473) , May 14, 2025
Easy FancyBox – WordPress Lightbox Plugin (CVE-2025-3597) , May 14, 2025
Everest Forms – Build Contact Forms, Surveys, Polls, Application Forms, and more with Ease! (CVE-2025-26841) , May 14, 2025
SMS Alert Order Notifications – WooCommerce (CVE-2025-47682) , May 14, 2025