19 matches found
CVE-2026-25420
The CVE-cited issue affects the WordPress MailerLite plugin, versions up to and including 1.7.18. The root cause is Missing/Incorrect Authorization due to broken access control in the official-mailerlite-sign-up-forms flow. Public mappings across Red Hat, NVD, CVE listing, and vulnerability datab...
CVE-2026-25420 WordPress MailerLite plugin <= 1.7.18 - Broken Access Control vulnerability
Missing Authorization vulnerability in MailerLite MailerLite official-mailerlite-sign-up-forms allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MailerLite: from n/a through <= 1.7.18...
PT-2026-20742
Missing Authorization vulnerability in MailerLite MailerLite official-mailerlite-sign-up-forms allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MailerLite: from n/a through <= 1.7.18...
CVE-2026-1000 MailerLite - WooCommerce integration <= 3.1.3 - Missing Authorization to Data Deletion
The MailerLite - WooCommerce integration plugin for WordPress is vulnerable to unauthorized data modification and deletion in all versions up to, and including, 3.1.3. This is due to missing capability checks on the resetIntegration function. This makes it possible for authenticated attackers, wi...
CVE-2025-13993
The MailerLite – Signup forms official plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'formdescription' and 'successmessage' parameters in versions up to, and including, 1.7.16 due to insufficient input sanitization and output escaping. This makes it possible for...
EUVD-2024-51464
Malicious code in bioql PyPI...
The vulnerability of the Symfony Mailer Lite module in the Drupal CMS system, related to the manipulation of cross-site requests, allows a hacker to perform a CSRF attack.
The vulnerability of the Symfony Mailer Lite module in the Drupal CMS system is related to the manipulation of cross-site requests. Exploiting this vulnerability allows a malicious actor to perform a CSRF attack remotely...
CVE-2024-13250
Cross-Site Request Forgery (CSRF) vulnerability in Drupal Drupal Symfony Mailer Lite allows Cross Site Request Forgery. This issue affects Drupal Symfony Mailer Lite: from 0.0.0 before 1.0.6...
CVE-2024-13250
Cross-Site Request Forgery (CSRF) vulnerability in Drupal Drupal Symfony Mailer Lite allows Cross Site Request Forgery. This issue affects Drupal Symfony Mailer Lite: from 0.0.0 before 1.0.6...
CVE-2024-13250
CVE-2024-13250 maps to Drupal Symfony Mailer Lite CSRF vulnerability. Affected versions are 0.0.0 up to 1.0.5/1.0.6, with 1.0.6 as the fixed release. The issue allows CSRF exploitation in Drupal Symfony Mailer Lite, potentially enabling an attacker to perform unwanted actions on behalf of an auth...
CVE-2024-13250 Drupal Symfony Mailer Lite - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2024-014
Cross-Site Request Forgery (CSRF) vulnerability in Drupal Drupal Symfony Mailer Lite allows Cross Site Request Forgery. This issue affects Drupal Symfony Mailer Lite: from 0.0.0 before 1.0.6...
CVE-2024-13250 Drupal Symfony Mailer Lite - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2024-014
Cross-Site Request Forgery (CSRF) vulnerability in Drupal Drupal Symfony Mailer Lite allows Cross Site Request Forgery. This issue affects Drupal Symfony Mailer Lite: from 0.0.0 before 1.0.6...
Drupal Security Vulnerability
Drupal is an open source content management system developed in the PHP language by the Drupal community. A security vulnerability exists in Drupal Symfony Mailer Lite prior to version 1.0.6, which stems from the inclusion of a cross-site request forgery vulnerability...
PT-2024-17998 · WordPress · Mailerlite
Name of the Vulnerable Software and Affected Versions: MailerLite – Signup forms plugin for WordPress versions 1.5.0 through 1.7.6 Description: The issue is related to Stored Cross-Site Scripting via the plugin's shortcodes due to insufficient input sanitization and output escaping on user-suppli...
CVE-2023-52223
Cross-Site Request Forgery (CSRF) vulnerability in MailerLite MailerLite – WooCommerce integration. This issue affects MailerLite – WooCommerce integration: from n/a through 2.0.8...
Drupal Symfony Mailer Lite - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2024-014
The module doesn’t sufficiently protect against malicious links, which means an attacker can trick an administrator into performing unwanted actions. This vulnerability is mitigated by the fact that the set of unwanted actions is limited to specific configurations...
WordPress Plugin MailerLite - WooCommerce integration Cross-site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on servers running PHP and MySQL. WordPress Plugin MailerLite - WooCommerce...
PT-2024-10076 · Drupal · Drupal Symfony Mailer Lite
Name of the Vulnerable Software and Affected Versions: Drupal Symfony Mailer Lite versions 0.0.0 through 1.0.6 Description: The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability, which can be exploited by a remote attacker to perform a CSRF attack. This vulnerability affects the...
CVE-2022-1604
The MailerLite WordPress plugin before 1.5.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting...