Mailpoet Newsletters Security Vulnerabilities and Issues — Mailpoet Newsletters CVE List

Lucene search

MailpoetMailpoet Newsletters

6 matches found

CVE•added 2014/07/27 6:55 p.m.•120 views

CVE-2014-4725

The MailPoet Newsletters (wysija-newsletters) plugin before 2.6.7 for WordPress allows remote attackers to bypass authentication and execute arbitrary PHP code by uploading a crafted theme using wp-admin/admin-post.php and accessing the theme in wp-content/uploads/wysija/themes/mailp/.

7.5CVSS7.9AI score0.38519EPSS

CVE•added 2019/11/06 8:15 p.m.•101 views

CVE-2018-20853

An issue was discovered in the MailPoet Newsletters (aka wysija-newsletters) plugin before 2.8.2 for WordPress. The plugin is vulnerable to SPAM attacks.

5.3CVSS5.3AI score0.00282EPSS

CVE•added 2024/11/19 6:15 a.m.•42 views

CVE-2024-10103

In the process of testing the MailPoet WordPress plugin before 5.3.2, a vulnerability was found that allows you to implement Stored XSS on behalf of the editor by embedding malicious script, which entails account takeover backdoor

6.1CVSS6AI score0.00012EPSS

CVE•added 2014/08/26 2:55 p.m.•36 views

CVE-2014-3907

Cross-site request forgery (CSRF) vulnerability in the MailPoet Newsletters (wysija-newsletters) plugin before 2.6.11 for WordPress allows remote attackers to hijack the authentication of arbitrary users.

6.8CVSS7.5AI score0.00102EPSS

CVE•added 2014/07/27 6:55 p.m.•25 views

CVE-2014-4726

Unspecified vulnerability in the MailPoet Newsletters (wysija-newsletters) plugin before 2.6.8 for WordPress has unspecified impact and attack vectors.

7.5CVSS6.9AI score0.00352EPSS

CVE•added 2025/05/15 8:15 p.m.•23 views

CVE-2024-12743

The MailPoet WordPress plugin before 5.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

4.8CVSS5.7AI score0.00046EPSS