CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2017-6571 – Mail Masta <= 1.0 - SQL Injection via id parameter
https://notcve.org/view.php?id=CVE-2017-6571
A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/campaign/view-campaign.php with the GET Parameter: id. Un problema de inyección SQL es explotable, con acceso admin de WordPress, en el plugin Mail Masta (también conocido como mail-masta) 1.0 para WordPress. Esto afecta a . • http://www.securityfocus.com/bid/96783 https://github.com/hamkovic/Mail-Masta-Wordpress-Plugin • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2017-6575 – Mail Masta <= 1.0 - SQL Injection via member_id parameter
https://notcve.org/view.php?id=CVE-2017-6575
A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/lists/edit_member.php with the GET Parameter: member_id. Un problema de inyección SQL es explotable, con acceso admin de WordPress, en el plugin Mail Masta (también conocido como mail-masta) 1.0 para WordPress. Esto afecta a . • http://www.securityfocus.com/bid/96783 https://github.com/hamkovic/Mail-Masta-Wordpress-Plugin • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2017-6577 – Mail Masta <= 1.0 - SQL Injection via list_id parameter
https://notcve.org/view.php?id=CVE-2017-6577
A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/subscriber_list.php with the POST Parameter: list_id. Un problema de inyección SQL es explotable, con acceso admin de WordPress, en el plugin Mail Masta (también conocido como mail-masta) 1.0 para WordPress. Esto afecta a . • http://www.securityfocus.com/bid/96783 https://github.com/hamkovic/Mail-Masta-Wordpress-Plugin • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 3CVE-2016-10956 – Mail Masta <= 1.0 - Local File Inclusion
https://notcve.org/view.php?id=CVE-2016-10956
The mail-masta plugin 1.0 for WordPress has local file inclusion in count_of_send.php and csvexport.php. El plugin mail-masta versión 1.0 para WordPress, presenta una inclusión de archivos locales en los archivos count_of_send.php y csvexport.php. • https://github.com/p0dalirius/CVE-2016-10956-mail-masta https://cxsecurity.com/issue/WLB-2016080220 https://wordpress.org/plugins/mail-masta/#developers https://wpvulndb.com/vulnerabilities/8609 • CWE-20: Improper Input Validation CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2017-5942 – WP Mail <= 1.1 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2017-5942
An issue was discovered in the WP Mail plugin before 1.2 for WordPress. The replyto parameter when composing a mail allows for a reflected XSS. This would allow you to execute JavaScript in the context of the user receiving the mail. Se descubrió un problema en el plugin WP Mail en versiones anteriores a 1.2 para WordPress. El parámetro replyto al componer un correo permite una XSS reflejada. • http://www.securityfocus.com/bid/96211 https://cjc.im/advisories/0006 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •