Vulnerabilities and security researches forenvialosimple-email-marketing-y-newsletters-gratis envialosimple-email-marketing-y-newsletters-gratis

May 28, 2026

CVE, Research URL: CVE-2026-7618
Home page URL: Security reports for EnvíaloSimple: Email Marketing y Newsletters
Application: EnvíaloSimple: Email Marketing y Newsletters
Date: May 27, 2026
Research Description: The EnvíaloSimple: Email Marketing y Newsletters plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'orderby' parameter in all versions up to, and including, 2.4.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Affected versions: max 2.4.5.
Status: vulnerable

Jun 07, 2024

CVE, Research URL: CVE-2024-32587
Home page URL: Security reports for EnvíaloSimple: Email Marketing y Newsletters
Application: EnvíaloSimple: Email Marketing y Newsletters
Date: Apr 18, 2024
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in EnvialoSimple EnvíaloSimple allows Reflected XSS.This issue affects EnvíaloSimple: from n/a through 2.2.
Affected versions: max 2.3.
Status: vulnerable

CVE, Research URL: CVE-2014-4527
Home page URL: Security reports for EnvíaloSimple: Email Marketing y Newsletters
Application: EnvíaloSimple: Email Marketing y Newsletters
Date: Jul 03, 2014
Research Description: Multiple cross-site scripting (XSS) vulnerabilities in paginas/vista-previa-form.php in the EnvialoSimple: Email Marketing and Newsletters (envialosimple-email-marketing-y-newsletters-gratis) plugin before 1.98 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) FormID or (2) AdministratorID parameter.
Affected versions: max 1.98.
Status: vulnerable

CVE, Research URL: CVE-2023-51414
Home page URL: Security reports for EnvíaloSimple: Email Marketing y Newsletters
Application: EnvíaloSimple: Email Marketing y Newsletters
Date: Dec 29, 2023
Research Description: Deserialization of Untrusted Data vulnerability in EnvialoSimple EnvíaloSimple: Email Marketing y Newsletters.This issue affects EnvíaloSimple: Email Marketing y Newsletters: from n/a through 2.1.
Affected versions: max 2.2.
Status: vulnerable

CVE, Research URL: CVE-2023-51416
Home page URL: Security reports for EnvíaloSimple: Email Marketing y Newsletters
Application: EnvíaloSimple: Email Marketing y Newsletters
Date: Mar 26, 2024
Research Description: Cross-Site Request Forgery (CSRF) vulnerability in EnvialoSimple EnvíaloSimple.This issue affects EnvíaloSimple: from n/a through 2.2.
Affected versions: max 2.3.
Status: vulnerable

CVE, Research URL: CVE-2024-2125
Home page URL: Security reports for EnvíaloSimple: Email Marketing y Newsletters
Application: EnvíaloSimple: Email Marketing y Newsletters
Date: Apr 10, 2024
Research Description: The EnvíaloSimple: Email Marketing y Newsletters plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3. This is due to missing or incorrect nonce validation on the gallery_add function. This makes it possible for unauthenticated attackers to upload malicious files via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions: max 2.4.
Status: vulnerable