10 matches found
CVE-2026-25420
Missing Authorization vulnerability in MailerLite MailerLite official-mailerlite-sign-up-forms allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MailerLite: from n/a through <= 1.7.18...
CVE-2026-25420
The CVE-cited issue affects the WordPress MailerLite plugin, versions up to and including 1.7.18. The root cause is Missing/Incorrect Authorization due to broken access control in the official-mailerlite-sign-up-forms flow. Public mappings across Red Hat, NVD, CVE listing, and vulnerability datab...
CVE-2026-25420
Missing Authorization vulnerability in MailerLite MailerLite official-mailerlite-sign-up-forms allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MailerLite: from n/a through <= 1.7.18...
CVE-2026-25420 WordPress MailerLite plugin <= 1.7.18 - Broken Access Control vulnerability
Missing Authorization vulnerability in MailerLite MailerLite official-mailerlite-sign-up-forms allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MailerLite: from n/a through <= 1.7.18...
Official MailerLite Sign Up Forms < 1.4.5 - Multiple CSRF Issues
Despite fixing the SQL injection, the plugin was still affected by CSRF issues, which could allow an attacker to make a logged-in administrator edit, add, and delete arbitrary signup form views...
Official MailerLite Sign Up Forms < 1.4.4 - Unauthenticated SQL Injection
Most methods in the MailerLite plugin do not sanitize user input data which causes SQL injection. Also no single method checks for a nonce token which causes a CSRF issue everywhere. PoC: One example would be to inject the payload 1 union all select database,2,3,1,5 into the formid GET parameter o...
Official MailerLite Sign Up Forms < 1.4.4 - Unauthenticated SQL Injection
Most methods in the MailerLite plugin do not sanitize user input data which causes SQL injection. Also no single method checks for a nonce token which causes a CSRF issue everywhere. One example would be to inject the payload 1 union all select database,2,3,1,5 into the formid GET parameter of th...
WordPress Official MailerLite Sign Up Forms plugin <= 1.4.3 - Unauthenticated SQL Injection (SQLi) vulnerability
Unauthenticated SQL Injection (SQLi) vulnerability found by Dave WebARX in WordPress Official MailerLite Sign Up Forms plugin versions <= 1.4.3. Solution: Update the WordPress Official MailerLite Sign Up Forms plugin to the latest available version (at least 1.4.4)...
CVE-2016-10903
The GoDaddy godaddy-email-marketing-sign-up-forms plugin before 1.1.3 for WordPress has CSRF...
CVE-2016-10903
CVE-2016-10903 is a CSRF vulnerability in the GoDaddy WordPress plugin GoDaddy Email Marketing Sign-Up Forms, affected in versions before 1.1.3. Multiple sources (NVD, Red Hat, CNVD, PRION, CVE lists, and WPVulndb) consistently identify the issue as cross-site request forgery within this plugin. ...