CVE-2017-6098 is an authenticated SQL injection issue in the Mail Masta (mail-masta) WordPress plugin 1.0. The vulnerable path is /inc/campaign_save.php, and the issue is tied to the POST parameter list_id. NVD classifies it as CWE-89 and rates the flaw HIGH with a CVSS 3.0 score of 7.2, reflecting potentially serious confidentiality, integrity, and availability impact if an attacker has the required Word [truncated]
CVE-2017-6097 is an authenticated SQL injection affecting the Mail Masta (mail-masta) WordPress plugin 1.0. The vulnerable path is /inc/campaign/count_of_send.php, and the issue is triggered through the POST parameter camp_id. NVD classifies the weakness as CWE-89 and assigns a CVSS 3.0 score of 7.2 (HIGH), indicating meaningful impact once an attacker has WordPress admin authentication.
CVE-2017-6096 is a high-severity SQL injection vulnerability in the Mail Masta WordPress plugin 1.0. The issue affects /inc/lists/view-list.php and is triggered through the filter_list GET parameter. NVD rates the flaw at CVSS 7.2 and notes that WordPress admin authentication is required, so exposure is concentrated in environments where plugin admin access is available.
CRITICALMail Masta ProjectCVE published 2017-02-21
CVE-2017-6095 is a critical SQL injection vulnerability in the Mail Masta (mail-masta) WordPress plugin version 1.0. The NVD record states that the issue affects /inc/lists/csvexport.php and can be triggered without authentication through the list_id GET parameter. Because the flaw is network-reachable and requires no privileges or user interaction, it presents a high-risk exposure for any WordPress site [truncated]
