VYPR

Wemail

by Leevio

CVEs (4)

  • CVE-2024-43238HigAug 18, 2024
    risk 0.46cvss 7.1epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in weDevs weMail wemail allows DOM-Based XSS.This issue affects weMail: from n/a through <= 1.14.5.

  • CVE-2025-14339MedFeb 21, 2026
    risk 0.42cvss 6.5epss 0.00

    The weMail - Email Marketing, Lead Generation, Optin Forms, Email Newsletters, A/B Testing, and Automation plugin for WordPress is vulnerable to unauthorized form deletion in all versions up to, and including, 2.0.7. This is due to the `Forms::permission()` callback only…

  • CVE-2025-47540MedMay 7, 2025
    risk 0.34cvss 5.3epss 0.00

    Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in weDevs weMail wemail allows Retrieve Embedded Sensitive Data.This issue affects weMail: from n/a through <= 1.14.13.

  • CVE-2024-34822Jun 11, 2024
    risk 0.00cvss epss 0.00

    Missing Authorization vulnerability in weDevs weMail.This issue affects weMail: from n/a through 1.14.2.