
CVE-2025-47540 – WordPress weMail <= 1.14.13 - Sensitive Data Exposure Vulnerability
https://notcve.org/view.php?id=CVE-2025-47540
07 May 2025 — Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in weDevs weMail allows Retrieve Embedded Sensitive Data. This issue affects weMail: from n/a through 1.14.13. The weMail – Email Marketing, Lead Generation, Optin Forms, Email Newsletters, A/B Testing, and Automation plugin for WordPress is vulnerable to Sensitive Information Exposure via the users() function in all versions up to, and including, 1.14.13. This makes it possible for unauthenticated attackers to extract ... • https://patchstack.com/database/wordpress/plugin/wemail/vulnerability/wordpress-wemail-1-14-13-sensitive-data-exposure-vulnerability?_s_id=cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •

CVE-2024-43238 – WordPress weMail – Email Marketing, Newsletter, Optin Forms, Subscribers WordPress Plugin plugin <= 1.14.5 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-43238
12 Aug 2024 — Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in weDevs weMail allows Reflected XSS. This issue affects weMail: from n/a through 1.14.5. The weMail plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.14.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesse... • https://patchstack.com/database/vulnerability/wemail/wordpress-wemail-email-marketing-newsletter-optin-forms-subscribers-wordpress-plugin-plugin-1-14-5-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-34822 – WordPress weMail plugin <= 1.14.2 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-34822
15 May 2024 — Missing Authorization vulnerability in weDevs weMail. This issue affects weMail: from n/a through 1.14.2. The weMail plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the connect_notice() function in versions up to, and including, 1.14.2. This makes it possible for unauthenticated attackers to dismiss notices. • https://patchstack.com/database/vulnerability/wemail/wordpress-wemail-plugin-1-14-2-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •