Mailpoet

mailpoet

Vendor: Automattic • 3 CVEs

CVEs (3)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-12743 1Automattic 1Mailpoet Jun 10, 2025 May 15, 2025 N/A· v4 4.8 MEDIUM· v3 N/A· v2 The MailPoet WordPress plugin before 5.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_...Show more The MailPoet WordPress plugin before 5.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).Show less
CVE-2024-10103 1Automattic 1Mailpoet Jun 12, 2025 Nov 19, 2024 N/A· v4 6.1 MEDIUM· v3 N/A· v2 In the process of testing the MailPoet WordPress plugin before 5.3.2, a vulnerability was found that allows you to implement Stored XSS on behalf of the editor by embedding malicious script, which entails account takeov...Show more In the process of testing the MailPoet WordPress plugin before 5.3.2, a vulnerability was found that allows you to implement Stored XSS on behalf of the editor by embedding malicious script, which entails account takeover backdoorShow less
CVE-2019-11843 1Automattic 1Mailpoet May 28, 2025 Jun 2, 2020 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 The MailPoet plugin before 3.23.2 for WordPress allows remote attackers to inject arbitrary web script or HTML using extra parameters in the URL (Reflective Server-Side XSS).