Aggregates CVE and security vulnerability intelligence across all mailpoet-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Historical issues mainly involve vendor risk csrf and related security problems, affecting vendor surface software deployment and vendor surface production workloads scenarios.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2018-20853 | An issue was discovered in the MailPoet Newsletters (aka wysija-newsletters) plugin before 2.8.2 for WordPress. The plugin is vulnerable to SPAM attacks. | [email protected] | 5.3 | 0.28% | 2019-11-06 | 2024-11-21 |
| CVE-2014-3907 | Cross-site request forgery (CSRF) vulnerability in the MailPoet Newsletters (wysija-newsletters) plugin before 2.6.11 for WordPress allows remote attackers to hijack the authentication of arbitrary users. | [email protected] | 6.8 | 0.10% | 2014-08-26 | 2026-05-06 |
| CVE-2014-4726 | Unspecified vulnerability in the MailPoet Newsletters (wysija-newsletters) plugin before 2.6.8 for WordPress has unspecified impact and attack vectors. | [email protected] | 7.5 | 0.35% | 2014-07-27 | 2026-05-06 |
| CVE-2014-4725 | The MailPoet Newsletters (wysija-newsletters) plugin before 2.6.7 for WordPress allows remote attackers to bypass authentication and execute arbitrary PHP code by uploading a crafted theme using wp-admin/admin-post.php and accessing the theme in wp-content/uploads/wysija/themes/mailp/. | [email protected] | 7.5 | 81.79% | 2014-07-27 | 2026-05-06 |