VYPR

Brevo

by WordPress

CVEs (2)

  • CVE-2025-14799MedFeb 18, 2026
    risk 0.35cvss 6.5epss 0.00

    The Brevo - Email, SMS, Web Push, Chat, and more. plugin for WordPress is vulnerable to authorization bypass due to type juggling in all versions up to, and including, 3.3.0. This is due to the use of loose comparison (==) instead of strict comparison (===) when validating the…

  • CVE-2024-8477Oct 10, 2024
    risk 0.00cvss epss 0.00

    The Newsletter, SMTP, Email marketing and Subscribe forms by Brevo (formely Sendinblue) plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.87. This is due to missing or incorrect nonce validation on the Init() function.…