Aggregates CVE and security vulnerability intelligence across all mail-masta_project-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Historical issues mainly involve vendor risk sql injection and vendor risk input validation and related problems; some flaws may lead to vendor impact data exposure and vendor impact unexpected behavior.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2016-10956 | The mail-masta plugin 1.0 for WordPress has local file inclusion in count_of_send.php and csvexport.php. | [email protected] | 7.5 | 91.05% | 2019-09-16 | 2024-11-21 |
| CVE-2017-6578 | A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/subscriber_list.php with the POST Parameter: subscriber_email. | [email protected] | 7.2 | 0.73% | 2017-03-09 | 2026-05-13 |
| CVE-2017-6577 | A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/subscriber_list.php with the POST Parameter: list_id. | [email protected] | 7.2 | 0.73% | 2017-03-09 | 2026-05-13 |
| CVE-2017-6576 | A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/campaign/campaign-delete.php with the GET Parameter: id. | [email protected] | 7.2 | 0.73% | 2017-03-09 | 2026-05-13 |
| CVE-2017-6575 | A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/lists/edit_member.php with the GET Parameter: member_id. | [email protected] | 7.2 | 0.73% | 2017-03-09 | 2026-05-13 |
| CVE-2017-6574 | A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/lists/edit_member.php with the GET Parameter: filter_list. | [email protected] | 7.2 | 0.73% | 2017-03-09 | 2026-05-13 |
| CVE-2017-6573 | A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/lists/edit-list.php with the GET Parameter: id. | [email protected] | 7.2 | 0.73% | 2017-03-09 | 2026-05-13 |
| CVE-2017-6572 | A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/lists/add_member.php with the GET Parameter: filter_list. | [email protected] | 7.2 | 0.93% | 2017-03-09 | 2026-05-13 |
| CVE-2017-6571 | A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/campaign/view-campaign.php with the GET Parameter: id. | [email protected] | 7.2 | 0.73% | 2017-03-09 | 2026-05-13 |
| CVE-2017-6570 | A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/campaign/view-campaign-list.php with the GET Parameter: id. | [email protected] | 7.2 | 0.73% | 2017-03-09 | 2026-05-13 |
| CVE-2017-6098 | A SQL injection issue was discovered in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects /inc/campaign_save.php (Requires authentication to Wordpress admin) with the POST Parameter: list_id. | [email protected] | 7.2 | 5.36% | 2017-02-21 | 2026-05-13 |
| CVE-2017-6097 | A SQL injection issue was discovered in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects /inc/campaign/count_of_send.php (Requires authentication to Wordpress admin) with the POST Parameter: camp_id. | [email protected] | 7.2 | 4.58% | 2017-02-21 | 2026-05-13 |
| CVE-2017-6096 | A SQL injection issue was discovered in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects /inc/lists/view-list.php (Requires authentication to Wordpress admin) with the GET Parameter: filter_list. | [email protected] | 7.2 | 3.43% | 2017-02-21 | 2026-05-13 |
| CVE-2017-6095 | A SQL injection issue was discovered in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects /inc/lists/csvexport.php (Unauthenticated) with the GET Parameter: list_id. | [email protected] | 9.8 | 6.93% | 2017-02-21 | 2026-05-13 |