Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2026/01/21 6:33 a.m.9 views

CVE-2025-14348

The weMail - Email Marketing, Lead Generation, Optin Forms, Email Newsletters, A/B Testing, and Automation plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.0.7. This is due to the plugin's REST API trusting the x-wemail-user HTTP header to identif...

5.3CVSS5.5AI score0.00268EPSS
Exploits0References1
NVD
NVD
added 2026/01/20 5:16 a.m.5 views

CVE-2025-14348

The weMail - Email Marketing, Lead Generation, Optin Forms, Email Newsletters, A/B Testing, and Automation plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.0.7. This is due to the plugin's REST API trusting the x-wemail-user HTTP header to identif...

5.3CVSS0.00268EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/01/20 4:35 a.m.3 views

CVE-2025-14348

The weMail - Email Marketing, Lead Generation, Optin Forms, Email Newsletters, A/B Testing, and Automation plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.0.7. This is due to the plugin's REST API trusting the x-wemail-user HTTP header to identif...

5.3CVSS5.4AI score0.00268EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/01/20 4:35 a.m.23 views

CVE-2025-14348 weMail <= 2.0.7 - Insufficient Authorization via x-wemail-user Header to Sensitive Information Disclosure

The weMail - Email Marketing, Lead Generation, Optin Forms, Email Newsletters, A/B Testing, and Automation plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.0.7. This is due to the plugin's REST API trusting the x-wemail-user HTTP header to identif...

5.3CVSS0.00268EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/01/20 12:0 a.m.9 views

PT-2026-3535

The weMail - Email Marketing, Lead Generation, Optin Forms, Email Newsletters, A/B Testing, and Automation plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.0.7. This is due to the plugin's REST API trusting the x-wemail-user HTTP header to identif...

5.3CVSS5.5AI score0.00268EPSS
Exploits0References5
Patchstack
Patchstack
added 2026/01/19 10:12 p.m.6 views

WordPress weMail plugin <= 2.0.7 - Insufficient Authorization via x-wemail-user Header to Sensitive Information Disclosure vulnerability

Insufficient Authorization via x-wemail-user Header to Sensitive Information Disclosure vulnerability discovered by shark3y in WordPress Plugin weMail versions = 2.0.7...

5.3CVSS5.5AI score0.00268EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder