cleantalk
Vulnerabilities and Security Researches

Vulnerabilities and security researches forwoo-mailerlite woo-mailerlite

Direction: ascending
Jun 06, 2024

MailerLite – WooCommerce integration # CVE-2023-52223

CVE, Research URL

CVE-2023-52223

Home page URL

Security reports for MailerLite – WooCommerce integration

Application

MailerLite – WooCommerce integration

Date
Feb 28, 2024
Research Description
Cross-Site Request Forgery (CSRF) vulnerability in MailerLite MailerLite – WooCommerce integration.This issue affects MailerLite – WooCommerce integration: from n/a through 2.0.8.
Affected versions
max 2.0.9.
Status
vulnerable
Jun 10, 2024

MailerLite – WooCommerce integration # CVE-2023-52227

CVE, Research URL

CVE-2023-52227

Home page URL

Security reports for MailerLite – WooCommerce integration

Application

MailerLite – WooCommerce integration

Date
Jun 11, 2024
Research Description
Missing Authorization vulnerability in MailerLite MailerLite – WooCommerce integration.This issue affects MailerLite – WooCommerce integration: from n/a through 2.0.8.
Affected versions
max 2.0.9.
Status
vulnerable
Jan 27, 2026

MailerLite – WooCommerce integration # CVE-2025-67945

CVE, Research URL

CVE-2025-67945

Home page URL

Security reports for MailerLite – WooCommerce integration

Application

MailerLite – WooCommerce integration

Date
Jan 22, 2026
Research Description
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in MailerLite MailerLite – WooCommerce integration woo-mailerlite allows SQL Injection.This issue affects MailerLite – WooCommerce integration: from n/a through <= 3.1.2.
Affected versions
max 3.1.2.
Status
vulnerable
Apr 22, 2026

MailerLite &#8211; WooCommerce integration # CVE-2026-1000

CVE, Research URL

CVE-2026-1000

Home page URL

Security reports for MailerLite &#8211; WooCommerce integration

Application

MailerLite &#8211; WooCommerce integration

Date
Jan 16, 2026
Research Description
The MailerLite - WooCommerce integration plugin for WordPress is vulnerable to unauthorized data modification and deletion in all versions up to, and including, 3.1.3. This is due to missing capability checks on the resetIntegration() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to reset the plugin's integration settings, delete all plugin options, and drop the plugin's database tables (woo_mailerlite_carts and woo_mailerlite_jobs), resulting in complete loss of plugin data including customer abandoned cart information and sync job history.
Affected versions
max 3.1.4.
Status
vulnerable