Skip to main content

Mailoptin

4 CVEs product

Monthly

CVE-2026-57813 CRITICAL Act Now

Privilege escalation in the MailOptin WordPress plugin (by properfraction) affects all versions up to and including 1.2.77.3, stemming from incorrect privilege assignment (CWE-266). An attacker can obtain elevated privileges within the WordPress site, potentially reaching administrator-level control that yields full confidentiality, integrity, and availability impact. No public exploit identified at time of analysis, and the flaw is not listed in CISA KEV; it was reported by Patchstack.

Privilege Escalation Mailoptin
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-8628 MEDIUM PATCH This Month

The Popup, Optin Form & Email Newsletters for Mailchimp, HubSpot, AWeber - MailOptin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'post-meta' shortcode in all. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Mailoptin
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-23980 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Mailoptin
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2022-36340 MEDIUM This Month

Unauthenticated Optin Campaign Cache Deletion vulnerability in MailOptin plugin <= 1.2.49.0 at WordPress. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Mailoptin
NVD
CVSS 3.1
5.3
EPSS
0.6%
EPSS 0% CVSS 9.8
CRITICAL Act Now

Privilege escalation in the MailOptin WordPress plugin (by properfraction) affects all versions up to and including 1.2.77.3, stemming from incorrect privilege assignment (CWE-266). An attacker can obtain elevated privileges within the WordPress site, potentially reaching administrator-level control that yields full confidentiality, integrity, and availability impact. No public exploit identified at time of analysis, and the flaw is not listed in CISA KEV; it was reported by Patchstack.

Privilege Escalation Mailoptin
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

The Popup, Optin Form & Email Newsletters for Mailchimp, HubSpot, AWeber - MailOptin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'post-meta' shortcode in all. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Mailoptin
NVD
EPSS 0% CVSS 4.8
MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Mailoptin
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

Unauthenticated Optin Campaign Cache Deletion vulnerability in MailOptin plugin <= 1.2.49.0 at WordPress. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Mailoptin
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy