tribulant CVE Vulnerabilities & Metrics

Focus on tribulant vulnerabilities and metrics.

Last updated: 08 Mar 2025, 23:25 UTC

About tribulant Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with tribulant. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.


Global CVE Overview

Total tribulant CVEs: 17
Earliest CVE date: 11 Sep 2014, 15:55 UTC
Latest CVE date: 06 Sep 2024, 04:15 UTC

Latest CVE reference: CVE-2024-8247

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 4

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): 0.0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): 0.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical tribulant CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 3.04

Max CVSS: 7.5

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range Count
0.0-3.9 10
4.0-6.9 6
7.0-8.9 2
9.0-10.0 0

CVSS Distribution Chart

Top 5 Highest CVSS tribulant CVEs

These are the five CVEs with the highest CVSS scores for tribulant, sorted first by severity and then by recency.

All CVEs for tribulant

CVE-2024-8247 tribulant vulnerability CVSS: 0 06 Sep 2024, 04:15 UTC

The Newsletters plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 4.9.9.2. This is due to the plugin not restricting what user meta can be updated as screen options. This makes it possible for authenticated attackers, with subscriber-level access and above, to escalate their privileges to that of an administrator. Please note that this only affects users with access to edit/update screen options, which means an administrator would need to grant lower-privilege users access to the Sent & Draft Emails page of the plugin in order for this to be exploited.

CVE-2024-37227 tribulant vulnerability CVSS: 0 21 Jun 2024, 14:15 UTC

Cross-Site Request Forgery (CSRF) vulnerability in Tribulant Newsletters. This issue affects Newsletters: from n/a through 4.9.7.

CVE-2024-35718 tribulant vulnerability CVSS: 0 08 Jun 2024, 14:15 UTC

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Tribulant Newsletters allows Reflected XSS. This issue affects Newsletters: from n/a through 4.9.5.

CVE-2024-31353 tribulant vulnerability CVSS: 0 10 Apr 2024, 16:15 UTC

Insertion of Sensitive Information into Log File vulnerability in Tribulant Slideshow Gallery. This issue affects Slideshow Gallery: from n/a through 1.7.8.

CVE-2023-4797 tribulant vulnerability CVSS: 0 16 Jan 2024, 16:15 UTC

The Newsletters WordPress plugin before 4.9.3 does not properly escape user-controlled parameters when they are appended to SQL queries and shell commands, which could enable an administrator to run arbitrary commands on the server.

CVE-2023-28491 tribulant vulnerability CVSS: 0 20 Dec 2023, 18:15 UTC

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Tribulant Slideshow Gallery LITE. This issue affects Slideshow Gallery LITE: from n/a through 1.7.6.

CVE-2023-28497 tribulant vulnerability CVSS: 0 12 Nov 2023, 22:15 UTC

Cross-Site Request Forgery (CSRF) vulnerability in Tribulant Slideshow Gallery LITE plugin <= 1.7.6 versions.

CVE-2023-30478 tribulant vulnerability CVSS: 0 10 Nov 2023, 14:15 UTC

Cross-Site Request Forgery (CSRF) vulnerability in Tribulant Newsletters plugin <= 4.8.8 versions.

CVE-2021-24882 tribulant vulnerability CVSS: 3.5 23 Nov 2021, 20:15 UTC

The Slideshow Gallery WordPress plugin before 1.7.4 does not sanitise and escape the Slide "Title", "Description", and Gallery "Title" fields, which could allow high-privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

CVE-2019-15828 tribulant vulnerability CVSS: 6.8 30 Aug 2019, 14:15 UTC

The one-click-ssl plugin before 1.4.7 for WordPress has CSRF.

CVE-2018-20987 tribulant vulnerability CVSS: 7.5 22 Aug 2019, 20:15 UTC

The newsletters-lite plugin before 4.6.8.6 for WordPress has PHP object injection.

CVE-2019-14788 tribulant vulnerability CVSS: 6.5 15 Aug 2019, 16:15 UTC

wp-admin/admin-ajax.php?action=newsletters_exportmultiple in the Tribulant Newsletters plugin before 4.6.19 for WordPress allows directory traversal with resultant remote PHP code execution via the subscribers[1][1] parameter in conjunction with an exportfile=../ value.

CVE-2019-14787 tribulant vulnerability CVSS: 3.5 09 Aug 2019, 13:15 UTC

The Tribulant Newsletters plugin before 4.6.19 for WordPress allows XSS via the wp-admin/admin-ajax.php?action=newsletters_load_new_editor contentarea parameter.

CVE-2018-18019 tribulant vulnerability CVSS: 4.3 15 Apr 2019, 21:29 UTC

XSS exists in the Tribulant Slideshow Gallery plugin 1.6.8 for WordPress via the wp-admin/admin.php?page=slideshow-slides&method=save Slide[title], Slide[media_file], or Slide[image_url] parameter.

CVE-2018-18018 tribulant vulnerability CVSS: 7.5 15 Apr 2019, 21:29 UTC

SQL Injection exists in the Tribulant Slideshow Gallery plugin 1.6.8 for WordPress via the wp-admin/admin.php?page=slideshow-galleries&method=save Gallery[id] or Gallery[title] parameter.

CVE-2018-18017 tribulant vulnerability CVSS: 4.3 15 Apr 2019, 21:29 UTC

XSS exists in the Tribulant Slideshow Gallery plugin 1.6.8 for WordPress via the wp-admin/admin.php?page=slideshow-galleries&method=save Gallery[id] or Gallery[title] parameter.

CVE-2018-17946 tribulant vulnerability CVSS: 4.3 03 Oct 2018, 08:29 UTC

The Tribulant Slideshow Gallery plugin before 1.6.6.1 for WordPress has XSS via the id, method, Gallerymessage, Galleryerror, or Galleryupdated parameter.

CVE-2014-5460 tribulant vulnerability CVSS: 6.5 11 Sep 2014, 15:55 UTC

Unrestricted file upload vulnerability in the Tribulant Slideshow Gallery plugin before 1.4.7 for WordPress allows remote authenticated users to execute arbitrary code by uploading a PHP file, then accessing it via a direct request to the file in wp-content/uploads/slideshow-gallery/.