Mailpoet Newsletters

mailpoet_newsletters

Vendor: Mailpoet • 4 CVEs

CVEs (4)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2018-20853 1Mailpoet 1Mailpoet Newsletters Nov 21, 2024 Nov 6, 2019 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 An issue was discovered in the MailPoet Newsletters (aka wysija-newsletters) plugin before 2.8.2 for WordPress. The plugin is vulnerable to SPAM attacks.
CVE-2014-3907 1Mailpoet 1Mailpoet Newsletters May 6, 2026 Aug 26, 2014 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Cross-site request forgery (CSRF) vulnerability in the MailPoet Newsletters (wysija-newsletters) plugin before 2.6.11 for WordPress allows remote attackers to hijack the authentication of arbitrary users.
CVE-2014-4726 1Mailpoet 1Mailpoet Newsletters May 6, 2026 Jul 27, 2014 N/A· v4 N/A· v3 7.5 HIGH· v2 Unspecified vulnerability in the MailPoet Newsletters (wysija-newsletters) plugin before 2.6.8 for WordPress has unspecified impact and attack vectors.
CVE-2014-4725 1Mailpoet 1Mailpoet Newsletters May 6, 2026 Jul 27, 2014 N/A· v4 N/A· v3 7.5 HIGH· v2 The MailPoet Newsletters (wysija-newsletters) plugin before 2.6.7 for WordPress allows remote attackers to bypass authentication and execute arbitrary PHP code by uploading a crafted theme using wp-admin/admin-post.php a...Show more The MailPoet Newsletters (wysija-newsletters) plugin before 2.6.7 for WordPress allows remote attackers to bypass authentication and execute arbitrary PHP code by uploading a crafted theme using wp-admin/admin-post.php and accessing the theme in wp-content/uploads/wysija/themes/mailp/.Show less