Aggregates CVE and security vulnerability intelligence across all wpmailster-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Historical issues mainly involve vendor risk cross-site scripting, vendor risk sql injection, and vendor risk csrf and related problems; some flaws may lead to vendor impact session compromise and vendor impact data exposure.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2025-24598 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in brandtoss WP Mailster wp-mailster allows Reflected XSS.This issue affects WP Mailster: from n/a through <= 1.8.17.0. | [email protected] | 7.1 | 0.24% | 2025-02-04 | 2026-06-17 |
| CVE-2025-24559 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in brandtoss WP Mailster wp-mailster allows Reflected XSS.This issue affects WP Mailster: from n/a through <= 1.8.15.0. | [email protected] | 7.1 | 0.29% | 2025-02-03 | 2026-06-17 |
| CVE-2025-22303 | Insertion of Sensitive Information Into Sent Data vulnerability in brandtoss WP Mailster wp-mailster allows Retrieve Embedded Sensitive Data.This issue affects WP Mailster: from n/a through <= 1.8.17.0. | [email protected] | 5.3 | 0.42% | 2025-01-07 | 2026-06-17 |
| CVE-2024-54355 | Cross-Site Request Forgery (CSRF) vulnerability in brandtoss WP Mailster wp-mailster allows Cross Site Request Forgery.This issue affects WP Mailster: from n/a through <= 1.8.17.0. | [email protected] | 4.3 | 0.26% | 2024-12-16 | 2026-06-17 |
| CVE-2024-53807 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in brandtoss WP Mailster wp-mailster allows Blind SQL Injection.This issue affects WP Mailster: from n/a through <= 1.8.16.0. | [email protected] | 8.5 | 0.38% | 2024-12-06 | 2026-06-17 |
| CVE-2024-53805 | Missing Authorization vulnerability in brandtoss WP Mailster wp-mailster allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Mailster: from n/a through <= 1.8.16.0. | [email protected] | 7.5 | 0.55% | 2024-12-06 | 2026-06-17 |
| CVE-2024-53804 | Insertion of Sensitive Information Into Sent Data vulnerability in brandtoss WP Mailster wp-mailster allows Retrieve Embedded Sensitive Data.This issue affects WP Mailster: from n/a through <= 1.8.16.0. | [email protected] | 7.5 | 0.56% | 2024-12-06 | 2026-06-17 |
| CVE-2024-53803 | Missing Authorization vulnerability in brandtoss WP Mailster wp-mailster allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Mailster: from n/a through <= 1.8.16.0. | [email protected] | 6.5 | 0.49% | 2024-12-06 | 2026-06-17 |
| CVE-2024-11782 | The WP Mailster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mst_subscribe' shortcode in all versions up to, and including, 1.8.17.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | [email protected] | 6.4 | 0.28% | 2024-12-03 | 2026-06-17 |
| CVE-2024-53737 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in brandtoss WP Mailster wp-mailster allows Stored XSS.This issue affects WP Mailster: from n/a through <= 1.8.16.0. | [email protected] | 6.5 | 0.29% | 2024-11-28 | 2026-06-17 |
| CVE-2021-28975 | WP Mailster 1.6.18.0 allows XSS when a victim opens a mail server's details in the mst_servers page, for a crafted server_host, server_name, or connection_parameter parameter. | [email protected] | 6.1 | 0.87% | 2021-10-21 | 2026-06-16 |
| CVE-2017-17451 | The WP Mailster plugin before 1.5.5 for WordPress has XSS in the unsubscribe handler via the mes parameter to view/subscription/unsubscribe2.php. | [email protected] | 6.1 | 5.09% | 2017-12-06 | 2026-06-16 |