Browse all 4 CVE security advisories affecting satollo. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Satollo provides a gamification platform for customer engagement and employee motivation, primarily used by businesses to drive desired behaviors through reward systems. Historically, the platform has been vulnerable to cross-site scripting (XSS), remote code execution (RCE), and privilege escalation flaws, with four CVEs documented. Security researchers have identified input validation weaknesses and improper access controls in its web interface and API endpoints. While no major public security incidents have been widely reported, the consistent pattern of vulnerabilities suggests potential risks for organizations implementing the platform without proper hardening or monitoring.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-1051 | Newsletter – Send awesome emails from WordPress <= 9.1.0 - Cross-Site Request Forgery to Newsletter Unsubscription — Newsletter – Send awesome emails from WordPressCWE-352 | 4.3 | Medium | 2026-01-20 |
| CVE-2024-13900 | Head, Footer and Post Injections <= 3.3.0 - Authenticated (Administrator+) PHP Code Injection in Multisite Environments — Head, Footer and Post InjectionsCWE-94 | 4.1 | Medium | 2025-02-21 |
| CVE-2024-5317 | Newsletter <= 8.3.4 - Unauthenticated Stored Cross-Site Scripting via np1 — Newsletter – Send awesome emails from WordPressCWE-79 | 6.4 | Medium | 2024-06-05 |
| CVE-2023-4772 | Newsletter <= 7.8.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — Newsletter – Send awesome emails from WordPressCWE-79 | 6.4 | Medium | 2023-09-07 |
This page lists every published CVE security advisory associated with satollo. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.