← Back

Envialosimple\

envialosimple\

Vendor: Donweb • 2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2024-2125
1Donweb
1Envialosimple\
Apr 8, 2026
Apr 9, 2024
N/A· v4
8.8 HIGH· v3
N/A· v2
The EnvíaloSimple: Email Marketing y Newsletters plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3. This is due to missing or incorrect nonce validation on the gal...Show more
The EnvíaloSimple: Email Marketing y Newsletters plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3. This is due to missing or incorrect nonce validation on the gallery_add function. This makes it possible for unauthenticated attackers to upload malicious files via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. The Cross-Site Request Forgery was patched in 2.4, however, nothing was done about the ability to upload arbitrary files.Show less
CVE-2023-51414
1Donweb
1Envialosimple\
Apr 28, 2026
Dec 29, 2023
N/A· v4
9.8 CRITICAL· v3
N/A· v2
Deserialization of Untrusted Data vulnerability in EnvialoSimple EnvíaloSimple: Email Marketing y Newsletters.This issue affects EnvíaloSimple: Email Marketing y Newsletters: from n/a through 2.1.