Skip to main content

Mailerpress

2 CVEs product

Monthly

CVE-2026-57410 HIGH This Week

Privilege escalation in the MailerPress WordPress plugin (versions up to and including 2.0.2) lets an authenticated low-privilege user gain higher privileges through an incorrect privilege assignment flaw. The CVSS 3.1 vector (AV:N/AC:L/PR:L) indicates a network-reachable, low-complexity attack that any authenticated user can perform, yielding full confidentiality, integrity, and availability impact - effectively a takeover of the plugin's protected functionality or the WordPress site. There is no public exploit identified at time of analysis, and the issue is not listed in CISA KEV; it was reported through Patchstack.

Privilege Escalation Mailerpress
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2026-32353 MEDIUM This Month

MailerPress through version 1.4.2 contains a server-side request forgery (SSRF) vulnerability that allows authenticated attackers to make arbitrary network requests from the affected server. An attacker with valid credentials could exploit this to access internal services, scan the network, or interact with backend systems. No patch is currently available for this vulnerability.

SSRF Mailerpress
NVD VulDB
CVSS 3.1
6.4
EPSS
0.0%
EPSS 0% CVSS 8.8
HIGH This Week

Privilege escalation in the MailerPress WordPress plugin (versions up to and including 2.0.2) lets an authenticated low-privilege user gain higher privileges through an incorrect privilege assignment flaw. The CVSS 3.1 vector (AV:N/AC:L/PR:L) indicates a network-reachable, low-complexity attack that any authenticated user can perform, yielding full confidentiality, integrity, and availability impact - effectively a takeover of the plugin's protected functionality or the WordPress site. There is no public exploit identified at time of analysis, and the issue is not listed in CISA KEV; it was reported through Patchstack.

Privilege Escalation Mailerpress
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

MailerPress through version 1.4.2 contains a server-side request forgery (SSRF) vulnerability that allows authenticated attackers to make arbitrary network requests from the affected server. An attacker with valid credentials could exploit this to access internal services, scan the network, or interact with backend systems. No patch is currently available for this vulnerability.

SSRF Mailerpress
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy