CVE-2026-7618

The EnvíaloSimple: Email Marketing y Newsletters plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'orderby' parameter in all versions up to, and including, 2.4.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

CVE-2026-7618

The CVE-2026-7618 vulnerability affects the WordPress plugin EnvíaloSimple: Email Marketing y Newsletters (

CVE-2024-2125

The EnvíaloSimple: Email Marketing y Newsletters plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3. This is due to missing or incorrect nonce validation on the galleryadd function. This makes it possible for unauthenticated attackers to...

PT-2024-18846 · WordPress · Envíalosimple

Name of the Vulnerable Software and Affected Versions: EnvíaloSimple: Email Marketing y Newsletters plugin for WordPress versions up to, and including, 2.3 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the gallery add function. Thi...

CVE-2023-51414 WordPress EnvíaloSimple Plugin <= 2.1 is vulnerable to PHP Object Injection

Deserialization of Untrusted Data vulnerability in EnvialoSimple EnvíaloSimple: Email Marketing y Newsletters.This issue affects EnvíaloSimple: Email Marketing y Newsletters: from n/a through 2.1...

WordPress EnvíaloSimple Plugin <= 2.2 is vulnerable to Cross Site Request Forgery (CSRF)

Software EnvíaloSimple Type Plugin Vulnerable versions = 2.2 Fixed in 2.3 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-51416 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID dc985a8b2f1a Credits Rafie Muhammad Patchstack...