CVE-2026-7618

The EnvíaloSimple: Email Marketing y Newsletters plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'orderby' parameter in all versions up to, and including, 2.4.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

CVE-2026-7618

The CVE-2026-7618 vulnerability affects the WordPress plugin EnvíaloSimple: Email Marketing y Newsletters (

CVE-2026-7618 EnvíaloSimple: Email Marketing y Newsletters <= 2.4.5 - Authenticated (Administrator+) SQL Injection via 'orderby' Parameter

The EnvíaloSimple: Email Marketing y Newsletters plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'orderby' parameter in all versions up to, and including, 2.4.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

CVE-2026-7618 EnvíaloSimple: Email Marketing y Newsletters <= 2.4.5 - Authenticated (Administrator+) SQL Injection via 'orderby' Parameter

The EnvíaloSimple: Email Marketing y Newsletters plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'orderby' parameter in all versions up to, and including, 2.4.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

PT-2026-43570

The EnvíaloSimple: Email Marketing y Newsletters plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'orderby' parameter in all versions up to, and including, 2.4.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

EUVD-2024-30389

Malicious code in bioql PyPI...

EUVD-2023-56135

Malicious code in bioql PyPI...

CVE-2023-51416

Cross-Site Request Forgery CSRF vulnerability in EnvialoSimple EnvíaloSimple.This issue affects EnvíaloSimple: from n/a through 2.2...

CVE-2024-32587 WordPress EnvíaloSimple plugin <= 2.2 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in EnvialoSimple EnvíaloSimple allows Reflected XSS.This issue affects EnvíaloSimple: from n/a through 2.2...

CVE-2024-32587

CVE-2024-32587 affects EnvialoSimple EnvíaloSimple (WordPress plugin) with a Reflected XSS in the plugin’s web page generation. Affected range: EnvíaloSimple from n/a through 2.2; connected Red Hat/ENISA entries confirm the cross-site scripting issue. The Wordfence vulnerability record shows a PA...

CVE-2024-32587 WordPress EnvíaloSimple plugin <= 2.2 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in EnvialoSimple EnvíaloSimple allows Reflected XSS.This issue affects EnvíaloSimple: from n/a through 2.2...

WordPress Plugin EnvíaloSimple 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. WordPress Plugin EnvíaloSimple: Email...

WordPress EnvíaloSimple plugin <= 2.2 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Yudistira Arya Patchstack Alliance in WordPress Plugin EnvíaloSimple versions = 2.2...

WordPress EnvíaloSimple Plugin <= 2.2 is vulnerable to Cross Site Scripting (XSS)

Software EnvíaloSimple Type Plugin Vulnerable versions = 2.2 Fixed in 2.3 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-32587 Patch priority Medium CVSS severity Medium 5.8 Developer Claim ownership PSID ce11fde5722d Credits Yudistira Arya Required privilege...

CVE-2024-2125

The EnvíaloSimple: Email Marketing y Newsletters plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3. This is due to missing or incorrect nonce validation on the galleryadd function. This makes it possible for unauthenticated attackers to...

CVE-2024-2125

The EnvíaloSimple: Email Marketing y Newsletters plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3. This is due to missing or incorrect nonce validation on the galleryadd function. This makes it possible for unauthenticated attackers to...

CVE-2024-2125 EnvíaloSimple: Email Marketing y Newsletters <= 2.3 - Cross-Site Request Forgery to Arbitrary File Upload

The EnvíaloSimple: Email Marketing y Newsletters plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3. This is due to missing or incorrect nonce validation on the galleryadd function. This makes it possible for unauthenticated attackers to...

CVE-2024-2125 EnvíaloSimple: Email Marketing y Newsletters <= 2.3 - Cross-Site Request Forgery to Arbitrary File Upload

The EnvíaloSimple: Email Marketing y Newsletters plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3. This is due to missing or incorrect nonce validation on the galleryadd function. This makes it possible for unauthenticated attackers to...

WordPress Plugin EnvíaloSimple 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

PT-2024-18846 · WordPress · Envíalosimple

Name of the Vulnerable Software and Affected Versions: EnvíaloSimple: Email Marketing y Newsletters plugin for WordPress versions up to, and including, 2.3 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the gallery add function. Thi...