cleantalk
Vulnerabilities and Security Researches

AWeber – Free Sign Up Form and Landing Page Builder Plugin for Lead Generation and Email Newsletter Growth, CVE-2024-1793

CVE, Research URL

CVE-2024-1793

Home page URL

Security reports for AWeber – Free Sign Up Form and Landing Page Builder Plugin for Lead Generation and Email Newsletter Growth

Application

AWeber – Free Sign Up Form and Landing Page Builder Plugin for Lead Generation and Email Newsletter Growth

Published on
Mar 13, 2024
Research Description
The AWeber – Free Sign Up Form and Landing Page Builder Plugin for Lead Generation and Email Newsletter Growth plugin for WordPress is vulnerable to SQL Injection via the 'post_id' parameter in all versions up to, and including, 7.3.14 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Affected versions
Min -, max 7.3.15.
Status
vulnerable
Previous vulnerability researches
AWeber – Free Sign Up Form and Landing Page Builder Plugin for Lead Generation and Email Newsletter Growth (CVE-2024-13313) , May 17, 2025
AWeber – Free Sign Up Form and Landing Page Builder Plugin for Lead Generation and Email Newsletter Growth (CVE-2023-47757) , Jun 07, 2024
AWeber – Free Sign Up Form and Landing Page Builder Plugin for Lead Generation and Email Newsletter Growth (CVE-2024-1793) , Jun 07, 2024
New vulnerability
AHAthat Plugin (CVE-2024-11269) , May 17, 2025
WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting (CVE-2024-12812) , May 17, 2025
WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting (CVE-2024-12808) , May 17, 2025
Badgearoo (CVE-2024-13828) , May 17, 2025
Melapress File Monitor (CVE-2024-10009) , May 17, 2025