CVE-2025-13993
- EPSS 0.05%
- Veröffentlicht 12.12.2025 09:20:29
- Zuletzt bearbeitet 12.12.2025 15:17:31
The MailerLite – Signup forms (official) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'form_description' and 'success_message' parameters in versions up to, and including, 1.7.16 due to insufficient input sanitization and...
CVE-2024-2797
- EPSS 0.18%
- Veröffentlicht 02.05.2024 17:15:19
- Zuletzt bearbeitet 21.11.2024 09:10:32
The MailerLite – Signup forms (official) plugin for WordPress is vulnerable to unauthorized plugin setting changes due to a missing capability check on the toggleRolesAndPermissions and editAllowedRolesAndPermissions functions in all versions up to, ...
CVE-2024-1386
- EPSS 0.17%
- Veröffentlicht 02.05.2024 17:15:10
- Zuletzt bearbeitet 21.11.2024 08:50:28
The MailerLite – Signup forms (official) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions 1.5.0 to 1.7.6 due to insufficient input sanitization and output escaping on user supplied attributes...
CVE-2022-33201
- EPSS 0.1%
- Veröffentlicht 05.08.2022 16:15:13
- Zuletzt bearbeitet 21.11.2024 07:07:42
Cross-Site Request Forgery (CSRF) vulnerability in MailerLite – Signup forms (official) plugin <= 1.5.7 at WordPress allows an attacker to change the API key.
CVE-2022-1604
- EPSS 0.21%
- Veröffentlicht 13.06.2022 13:15:11
- Zuletzt bearbeitet 21.11.2024 06:41:03
The MailerLite WordPress plugin before 1.5.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting