VYPR

AWeber

by WordPress

CVEs (2)

  • CVE-2024-1793HigMar 13, 2024
    risk 0.47cvss 7.2epss 0.01

    The AWeber – Free Sign Up Form and Landing Page Builder Plugin for Lead Generation and Email Newsletter Growth plugin for WordPress is vulnerable to SQL Injection via the 'post_id' parameter in all versions up to, and including, 7.3.14 due to insufficient escaping on the user…

  • CVE-2024-13313MedMay 15, 2025
    risk 0.31cvss 4.8epss 0.00

    The AWeber WordPress plugin through 7.3.20 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite…