Aweber Security Vulnerabilities and Issues — Aweber CVE List

Lucene search

AweberAweber

3 matches found

CVE•added 2023/11/17 9:15 a.m.•78 views

CVE-2023-47757

Missing Authorization, Cross-Site Request Forgery (CSRF) vulnerability in AWeber AWeber – Free Sign Up Form and Landing Page Builder Plugin for Lead Generation and Email Newsletter Growth allows Accessing Functionality Not Properly Constrained by ACLs, Cross-Site Request Forgery.This issue affects ...

8.8CVSS6.3AI score0.00097EPSS

CVE•added 2024/03/13 4:15 p.m.•35 views

CVE-2024-1793

The AWeber – Free Sign Up Form and Landing Page Builder Plugin for Lead Generation and Email Newsletter Growth plugin for WordPress is vulnerable to SQL Injection via the 'post_id' parameter in all versions up to, and including, 7.3.14 due to insufficient escaping on the user supplied parameter and...

7.2CVSS7.5AI score0.00465EPSS

CVE•added 2025/05/15 8:15 p.m.•18 views

CVE-2024-13313

The AWeber WordPress plugin through 7.3.20 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

4.8CVSS5.7AI score0.00046EPSS