Mailpoet Newsletters vulnerabilities
4 known vulnerabilities affecting mailpoet/mailpoet_newsletters.
Total CVEs
4
CISA KEV
0
Public exploits
1
Exploited in wild
1
Severity breakdown
HIGH2MEDIUM2
Vulnerabilities
Page 1 of 1
CVE-2014-4725P1HIGHCVSS 7.5ExploitedPoC≤ 2.6.6v0.9+66 more2014-07-27
CVE-2014-4725 [HIGH] CWE-287 CVE-2014-4725: The MailPoet Newsletters (wysija-newsletters) plugin before 2.6.7 for WordPress allows remote attack
The MailPoet Newsletters (wysija-newsletters) plugin before 2.6.7 for WordPress allows remote attackers to bypass authentication and execute arbitrary PHP code by uploading a crafted theme using wp-admin/admin-post.php and accessing the theme in wp-content/uploads/wysija/themes/mailp/.
nvd
CVE-2014-4726P4HIGHCVSS 7.5≤ 2.6.7v0.9+67 more2014-07-27
CVE-2014-4726 [HIGH] CVE-2014-4726: Unspecified vulnerability in the MailPoet Newsletters (wysija-newsletters) plugin before 2.6.8 for W
Unspecified vulnerability in the MailPoet Newsletters (wysija-newsletters) plugin before 2.6.8 for WordPress has unspecified impact and attack vectors.
nvd
CVE-2014-3907P4MEDIUMCVSS 6.8≤ 2.6.10v0.9+70 more2014-08-26
CVE-2014-3907 [MEDIUM] CWE-352 CVE-2014-3907: Cross-site request forgery (CSRF) vulnerability in the MailPoet Newsletters (wysija-newsletters) plu
Cross-site request forgery (CSRF) vulnerability in the MailPoet Newsletters (wysija-newsletters) plugin before 2.6.11 for WordPress allows remote attackers to hijack the authentication of arbitrary users.
nvd
CVE-2018-20853P4MEDIUMCVSS 5.3fixed in 2.8.22019-11-06
CVE-2018-20853 [MEDIUM] CVE-2018-20853: An issue was discovered in the MailPoet Newsletters (aka wysija-newsletters) plugin before 2.8.2 for
An issue was discovered in the MailPoet Newsletters (aka wysija-newsletters) plugin before 2.8.2 for WordPress. The plugin is vulnerable to SPAM attacks.
nvd