CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cvelist•added 2026/06/17 6:0 a.m.•27 views

CVE-2026-8089 weMail < 2.1.3 - Reflected Cross-Site Scripting

0.00215EPSS

CVE•added 2026/06/17 6:0 a.m.•13 views

CVE-2026-8089

CVE-2026-8089 affects the weMail plugin for WooCommerce (WordPress) prior to version 2.1.3. The issue is a reflected Cross-Site Scripting (XSS) vulnerability caused by not escaping a user-supplied parameter before reflecting it into an HTML attribute in a non-nonce-protected AJAX response. This a...

7.1CVSS5.2AI score0.00215EPSS

RedhatCVE•added 2026/02/22 1:25 p.m.•8 views

CVE-2025-14339

The weMail - Email Marketing, Lead Generation, Optin Forms, Email Newsletters, A/B Testing, and Automation plugin for WordPress is vulnerable to unauthorized form deletion in all versions up to, and including, 2.0.7. This is due to the Forms::permission callback only validating the X-WP-Nonce...

NVD•added 2026/02/21 10:16 a.m.•6 views

CVE-2025-14339

6.5CVSS0.00262EPSS

Cvelist•added 2026/02/21 9:27 a.m.•21 views

CVE-2025-14339 weMail <= 2.0.7 - Missing Authorization to Unauthenticated Form Deletion

6.5CVSS0.00262EPSS

Vulnrichment•added 2026/02/21 9:27 a.m.•4 views

CVE-2025-14339 weMail <= 2.0.7 - Missing Authorization to Unauthenticated Form Deletion

6.5CVSS5.4AI score0.00262EPSS

ATTACKERKB•added 2026/02/21 9:27 a.m.•8 views

CVE-2025-14339

CVE•added 2026/02/21 9:27 a.m.•14 views

Exploits0References6

CVE-2025-14339

The weMail WordPress plugin (versions up to 2.0.7) is vulnerable to unauthorized deletion of all forms. The root cause is Forms::permission() only validating the X-WP-Nonce header without checking user capabilities, and the REST nonce is exposed to unauthenticated visitors via the weMail JavaScri...

CNNVD•added 2026/02/21 12:0 a.m.•7 views

WordPress plugin weMail 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

6.5CVSS5.8AI score0.00262EPSS

Positive Technologies•added 2026/02/21 12:0 a.m.•7 views

PT-2026-21373

RedhatCVE•added 2026/01/21 6:33 a.m.•9 views

Exploits0References6

CVE-2025-14348

The weMail - Email Marketing, Lead Generation, Optin Forms, Email Newsletters, A/B Testing, and Automation plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.0.7. This is due to the plugin's REST API trusting the x-wemail-user HTTP header to identif...

NVD•added 2026/01/20 5:16 a.m.•4 views

CVE-2025-14348

5.3CVSS0.00268EPSS

CVE•added 2026/01/20 4:35 a.m.•18 views

CVE-2025-14348

The CVE-2025-14348 entry concerns the weMail WordPress plugin (versions

ATTACKERKB•added 2026/01/20 4:35 a.m.•3 views

CVE-2025-14348

5.3CVSS5.4AI score0.00268EPSS

Cvelist•added 2026/01/20 4:35 a.m.•21 views

CVE-2025-14348 weMail <= 2.0.7 - Insufficient Authorization via x-wemail-user Header to Sensitive Information Disclosure

5.3CVSS0.00268EPSS

Vulnrichment•added 2026/01/20 4:35 a.m.•4 views

CVE-2025-14348 weMail <= 2.0.7 - Insufficient Authorization via x-wemail-user Header to Sensitive Information Disclosure

Positive Technologies•added 2026/01/20 12:0 a.m.•6 views

PT-2026-3535

CNNVD•added 2026/01/20 12:0 a.m.•3 views

WordPress plugin weMail has a licensing issue vulnerability

5.3CVSS5.8AI score0.00268EPSS

Patchstack•added 2026/01/19 10:12 p.m.•4 views

WordPress weMail plugin <= 2.0.7 - Insufficient Authorization via x-wemail-user Header to Sensitive Information Disclosure vulnerability

Insufficient Authorization via x-wemail-user Header to Sensitive Information Disclosure vulnerability discovered by shark3y in WordPress Plugin weMail versions = 2.0.7...