CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cvelist•added 2025/12/12 9:20 a.m.•19 views

CVE-2025-13993 MailerLite – Signup forms (official) <= 1.7.16 - Authenticated (Administrator+) Stored Cross-Site Scripting

5.5CVSS0.00042EPSS

CVE•added 2025/12/12 9:20 a.m.•10 views

CVE-2025-13993

CVE-2025-13993 - MailerLite – Signup forms (official) plugin for WordPress is affected up to version 1.7.16. The vulnerability is a Stored Cross-Site Scripting (Stored XSS) in the parameters form_description and success_message caused by insufficient input sanitization and output escaping. Exploi...

5.5CVSS4.7AI score0.00042EPSS

Patchstack•added 2025/12/12 12:18 a.m.•3 views

WordPress MailerLite – Signup forms (official) plugin <= 1.7.16 - Authenticated (Administrator+) Stored Cross-Site Scripting vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting vulnerability discovered by NosleeP++ in WordPress Plugin MailerLite versions = 1.7.16...

5.5CVSS5.5AI score0.00042EPSS

CNNVD•added 2025/12/12 12:0 a.m.•2 views

WordPress plugin MailerLite – Signup forms (official) 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting...

5.5CVSS5.8AI score0.00042EPSS

Positive Technologies•added 2024/05/02 12:0 a.m.•2 views

PT-2024-22175 · Mailerlite · Mailerlite – Signup Forms

Name of the Vulnerable Software and Affected Versions: MailerLite – Signup forms official plugin for WordPress versions up to, and including, 1.7.6 Description: The issue allows unauthorized plugin setting changes due to a missing capability check on the toggleRolesAndPermissions and...

5.3CVSS6.9AI score0.00182EPSS

Exploits0References5

Positive Technologies•added 2024/05/02 12:0 a.m.•2 views

PT-2024-17998 · WordPress · Mailerlite

Name of the Vulnerable Software and Affected Versions: MailerLite – Signup forms plugin for WordPress versions 1.5.0 through 1.7.6 Description: The issue is related to Stored Cross-Site Scripting via the plugin's shortcodes due to insufficient input sanitization and output escaping on user-suppli...

6.4CVSS5.7AI score0.00172EPSS

Exploits0References7

Patchstack•added 2024/04/30 7:14 a.m.•2 views

WordPress MailerLite – Signup forms (official) plugin <= 1.7.6 - Missing Authorization vulnerability

Missing Authorization vulnerability discovered by Krzysztof Zając in WordPress Plugin MailerLite versions = 1.7.6...

5.3CVSS7AI score0.00182EPSS

Patchstack•added 2024/04/30 12:0 a.m.•8 views

WordPress MailerLite – Signup forms Plugin <= 1.7.6 is vulnerable to Broken Access Control

Software MailerLite – Signup forms Type Plugin Vulnerable versions = 1.7.6 Fixed in 1.7.7 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-2797 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID d779eba11e1c Credits Krzysztof Zając...

5.3CVSS6.6AI score0.00182EPSS

Exploits0References3Affected Software1

Patchstack•added 2024/04/30 12:0 a.m.•5 views

WordPress MailerLite – Signup forms Plugin <= 1.7.6 is vulnerable to Cross Site Scripting (XSS)

Software MailerLite – Signup forms Type Plugin Vulnerable versions = 1.7.6 Fixed in 1.7.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1386 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID cf12af72ac5b Credits Richard Tellen...

6.4CVSS5.8AI score0.00172EPSS

Exploits0References3Affected Software1

WPVulnDB•added 2024/04/29 12:0 a.m.•15 views

MailerLite – Signup forms (official) < 1.7.7 - Missing Authorization

Description The MailerLite – Signup forms official plugin for WordPress is vulnerable to unauthorized plugin setting changes due to a missing capability check on the toggleRolesAndPermissions and editAllowedRolesAndPermissions functions in all versions up to, and including, 1.7.6. This makes it...

5.3CVSS6.7AI score0.00182EPSS

NVD•added 2022/08/05 4:15 p.m.•10 views

CVE-2022-33201

Cross-Site Request Forgery CSRF vulnerability in MailerLite – Signup forms official plugin = 1.5.7 at WordPress allows an attacker to change the API key...

8.8CVSS0.00104EPSS

OSV•added 2022/08/05 4:15 p.m.•2 views

CVE-2022-33201

Cross-Site Request Forgery CSRF vulnerability in MailerLite – Signup forms official plugin = 1.5.7 at WordPress allows an attacker to change the API key...

8.8CVSS5.8AI score0.00104EPSS

Cvelist•added 2022/08/05 3:8 p.m.•12 views

CVE-2022-33201 WordPress MailerLite – Signup forms (official) plugin <= 1.5.7 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in MailerLite – Signup forms official plugin = 1.5.7 at WordPress allows an attacker to change the API key...

6.3CVSS8.9AI score0.00104EPSS

CVE•added 2022/08/05 3:8 p.m.•453 views

CVE-2022-33201

CVE-2022-33201 affects the WordPress MailerLite – Signup forms (official) plugin, version 1.5.7 and earlier. The root cause is a missing CSRF check when updating the API key, enabling an attacker to change the API key via CSRF as described in multiple sources. The vulnerability is reported to imp...

8.8CVSS7.5AI score0.00104EPSS

Exploits0References2Affected Software1

Vulnrichment•added 2022/08/05 3:8 p.m.•2 views

CVE-2022-33201 WordPress MailerLite – Signup forms (official) plugin <= 1.5.7 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in MailerLite – Signup forms official plugin = 1.5.7 at WordPress allows an attacker to change the API key...

6.3CVSS8AI score0.00104EPSS

CNNVD•added 2022/08/05 12:0 a.m.•1 views

WordPress plugin MailerLite – Signup forms (official) 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...

8.8CVSS7.7AI score0.00104EPSS

Exploits0References3

Patchstack•added 2022/08/01 12:0 a.m.•26 views

WordPress MailerLite – Signup forms (official) plugin <= 1.5.7 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability leading to API key change discovered by Muhammad Daffa Patchstack Alliance in WordPress MailerLite – Signup forms official plugin versions = 1.5.7. Solution Update the WordPress MailerLite – Signup forms plugin to the latest available version at least...

8.8CVSS3.9AI score0.00104EPSS