VYPR

Wemail

by WordPress

Source repositories

CVEs (3)

  • CVE-2025-14339MedFeb 21, 2026
    risk 0.42cvss 6.5epss 0.00

    The weMail - Email Marketing, Lead Generation, Optin Forms, Email Newsletters, A/B Testing, and Automation plugin for WordPress is vulnerable to unauthorized form deletion in all versions up to, and including, 2.0.7. This is due to the `Forms::permission()` callback only…

  • CVE-2025-14348MedJan 20, 2026
    risk 0.34cvss 5.3epss 0.00

    The weMail - Email Marketing, Lead Generation, Optin Forms, Email Newsletters, A/B Testing, and Automation plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.0.7. This is due to the plugin's REST API trusting the `x-wemail-user`…

  • CVE-2026-8089Jun 17, 2026
    risk 0.00cvss epss 0.00

    The weMail: Email Marketing, Email Automation, Newsletters, Subscribers & Email Optins for WooCommerce WordPress plugin before 2.1.3 does not properly escape a user-supplied parameter before reflecting it into an HTML attribute on a non-nonce-protected AJAX response, allowing…