VYPR

Mailerlite

by WordPress

CVEs (5)

  • CVE-2026-1000MedJan 16, 2026
    risk 0.42cvss 6.5epss 0.00

    The MailerLite - WooCommerce integration plugin for WordPress is vulnerable to unauthorized data modification and deletion in all versions up to, and including, 3.1.3. This is due to missing capability checks on the resetIntegration() function. This makes it possible for…

  • CVE-2024-1386MedMay 2, 2024
    risk 0.42cvss 6.4epss 0.00

    The MailerLite – Signup forms (official) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions 1.5.0 to 1.7.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible…

  • CVE-2022-33201MedAug 5, 2022
    risk 0.41cvss 6.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in MailerLite – Signup forms (official) plugin <= 1.5.7 at WordPress allows an attacker to change the API key.

  • CVE-2022-1604MedJun 13, 2022
    risk 0.40cvss 6.1epss 0.01

    The MailerLite WordPress plugin before 1.5.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting

  • CVE-2024-2797MedMay 2, 2024
    risk 0.27cvss 5.3epss 0.01

    The MailerLite – Signup forms (official) plugin for WordPress is vulnerable to unauthorized plugin setting changes due to a missing capability check on the toggleRolesAndPermissions and editAllowedRolesAndPermissions functions in all versions up to, and including, 1.7.6. This…