Hanley Shun

#8722of 53,633
31.4Total CVSS
Vulnerabilities · 4
High
3
Critical
1
PT-2017-16891
9.8
2017-02-21
WordPress · Mail Masta · CVE-2017-6095
**Name of the Vulnerable Software and Affected Versions** Mail Masta plugin version 1.0 **Description** A SQL injection issue was discovered in the Mail Masta plugin for WordPress. This issue affects the /inc/lists/csvexport.php endpoint, specifically with the `list id` parameter, and can be exploited without authentication. **Recommendations** For Mail Masta plugin version 1.0, consider disabling access to the /inc/lists/csvexport.php endpoint until a patch is available, or restrict the use of the `list id` parameter to minimize the risk of exploitation.
PT-2017-16892
7.2
2017-02-21
WordPress · Mail Masta · CVE-2017-6096
**Name of the Vulnerable Software and Affected Versions** Mail Masta plugin version 1.0 **Description** A SQL injection issue was discovered in the Mail Masta plugin. This issue affects the /inc/lists/view-list.php endpoint, which requires authentication to the WordPress admin. The `filter list` GET parameter is vulnerable. **Recommendations** For Mail Masta plugin version 1.0, avoid using the `filter list` parameter in the /inc/lists/view-list.php endpoint until a fix is available. As a temporary workaround, consider restricting access to the /inc/lists/view-list.php endpoint to minimize the risk of exploitation.
PT-2017-16893
7.2
2017-02-21
WordPress · Mail Masta · CVE-2017-6097
**Name of the Vulnerable Software and Affected Versions** Mail Masta plugin version 1.0 **Description** A SQL injection issue was discovered in the Mail Masta plugin for WordPress. This issue affects the `/inc/campaign/count of send.php` endpoint, which requires authentication to the WordPress admin panel. The `camp id` parameter is vulnerable. **Recommendations** For Mail Masta plugin version 1.0, avoid using the `camp id` parameter in the `/inc/campaign/count of send.php` endpoint until the issue is resolved. As a temporary workaround, consider restricting access to the `/inc/campaign/count of send.php` endpoint to minimize the risk of exploitation.
PT-2017-16894
7.2
2017-02-21
WordPress · Mail Masta · CVE-2017-6098
**Name of the Vulnerable Software and Affected Versions** Mail Masta plugin version 1.0 **Description** A SQL injection issue was discovered in the Mail Masta plugin for WordPress. This issue affects the /inc/campaign save.php endpoint, which requires authentication to the WordPress admin. The `list id` parameter is vulnerable. **Recommendations** For Mail Masta plugin version 1.0, avoid using the `list id` parameter in the /inc/campaign save.php endpoint until the issue is resolved. As a temporary workaround, consider restricting access to the /inc/campaign save.php endpoint to minimize the risk of exploitation.