Mailpoet
Products
2- 4 CVEs
- 2 CVEs
Recent CVEs
6| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-20853 | Med | 0.35 | 5.3 | 0.01 | Nov 6, 2019 | An issue was discovered in the MailPoet Newsletters (aka wysija-newsletters) plugin before 2.8.2 for WordPress. The plugin is vulnerable to SPAM attacks. | ||
| CVE-2014-4725 | 0.08 | — | 0.60 | Jul 27, 2014 | The MailPoet Newsletters (wysija-newsletters) plugin before 2.6.7 for WordPress allows remote attackers to bypass authentication and execute arbitrary PHP code by uploading a crafted theme using wp-admin/admin-post.php and accessing the theme in… | |||
| CVE-2024-12743 | 0.00 | — | 0.00 | May 15, 2025 | The MailPoet WordPress plugin before 5.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite… | |||
| CVE-2024-10103 | 0.00 | — | 0.00 | Nov 19, 2024 | In the process of testing the MailPoet WordPress plugin before 5.3.2, a vulnerability was found that allows you to implement Stored XSS on behalf of the editor by embedding malicious script, which entails account takeover backdoor | |||
| CVE-2014-3907 | 0.00 | — | 0.01 | Aug 26, 2014 | Cross-site request forgery (CSRF) vulnerability in the MailPoet Newsletters (wysija-newsletters) plugin before 2.6.11 for WordPress allows remote attackers to hijack the authentication of arbitrary users. | |||
| CVE-2014-4726 | 0.00 | — | 0.02 | Jul 27, 2014 | Unspecified vulnerability in the MailPoet Newsletters (wysija-newsletters) plugin before 2.6.8 for WordPress has unspecified impact and attack vectors. |
- risk 0.35cvss 5.3epss 0.01
An issue was discovered in the MailPoet Newsletters (aka wysija-newsletters) plugin before 2.8.2 for WordPress. The plugin is vulnerable to SPAM attacks.
- CVE-2014-4725Jul 27, 2014risk 0.08cvss —epss 0.60
The MailPoet Newsletters (wysija-newsletters) plugin before 2.6.7 for WordPress allows remote attackers to bypass authentication and execute arbitrary PHP code by uploading a crafted theme using wp-admin/admin-post.php and accessing the theme in…
- CVE-2024-12743May 15, 2025risk 0.00cvss —epss 0.00
The MailPoet WordPress plugin before 5.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite…
- CVE-2024-10103Nov 19, 2024risk 0.00cvss —epss 0.00
In the process of testing the MailPoet WordPress plugin before 5.3.2, a vulnerability was found that allows you to implement Stored XSS on behalf of the editor by embedding malicious script, which entails account takeover backdoor
- CVE-2014-3907Aug 26, 2014risk 0.00cvss —epss 0.01
Cross-site request forgery (CSRF) vulnerability in the MailPoet Newsletters (wysija-newsletters) plugin before 2.6.11 for WordPress allows remote attackers to hijack the authentication of arbitrary users.
- CVE-2014-4726Jul 27, 2014risk 0.00cvss —epss 0.02
Unspecified vulnerability in the MailPoet Newsletters (wysija-newsletters) plugin before 2.6.8 for WordPress has unspecified impact and attack vectors.