CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-33201 – WordPress MailerLite – Signup forms (official) plugin <= 1.5.7 - Cross-Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2022-33201
01 Aug 2022 — Cross-Site Request Forgery (CSRF) vulnerability in MailerLite – Signup forms (official) plugin <= 1.5.7 at WordPress allows an attacker to change the API key. Una vulnerabilidad de falsificación de tipo Cross-Site Request Forgery (CSRF) en el plugin MailerLite - Signup forms (official) versiones anteriores a 1.5.7 incluyéndola, en WordPress permite a un atacante cambiar la clave API The MailerLite plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.7. This ... • https://patchstack.com/database/vulnerability/official-mailerlite-sign-up-forms/wordpress-mailerlite-signup-forms-official-plugin-1-5-7-cross-site-request-forgery-csrf-vulnerability • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2022-1604 – MailerLite < 1.5.4 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2022-1604
18 May 2022 — The MailerLite WordPress plugin before 1.5.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting El plugin MailerLite de WordPress versiones anteriores a 1.5.4, no sanea y escapa de un parámetro antes de devolverlo a la página, conllevando a un ataque de tipo Cross-Site Scripting Reflejado • https://wpscan.com/vulnerability/557c1c49-7195-4085-b67a-9fd8aca57845 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •