VYPR

Official Mailerlite Sign Up Forms

by WordPress

Source repositories

CVEs (4)

  • CVE-2024-1386MedMay 2, 2024
    risk 0.42cvss 6.4epss 0.00

    The MailerLite – Signup forms (official) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions 1.5.0 to 1.7.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible…

  • CVE-2022-33201MedAug 5, 2022
    risk 0.41cvss 6.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in MailerLite – Signup forms (official) plugin <= 1.5.7 at WordPress allows an attacker to change the API key.

  • CVE-2025-13993MedDec 12, 2025
    risk 0.29cvss 5.5epss 0.00

    The MailerLite – Signup forms (official) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'form_description' and 'success_message' parameters in versions up to, and including, 1.7.16 due to insufficient input sanitization and output escaping. This…

  • CVE-2024-2797MedMay 2, 2024
    risk 0.27cvss 5.3epss 0.01

    The MailerLite – Signup forms (official) plugin for WordPress is vulnerable to unauthorized plugin setting changes due to a missing capability check on the toggleRolesAndPermissions and editAllowedRolesAndPermissions functions in all versions up to, and including, 1.7.6. This…