cleantalk
Vulnerabilities and Security Researches

weMail – Email Marketing, Newsletter, Optin Forms, Subscribers WordPress Plugin, CVE-2026-8089

CVE, Research URL

CVE-2026-8089

Home page URL

Security reports for weMail – Email Marketing, Newsletter, Optin Forms, Subscribers WordPress Plugin

Application

weMail – Email Marketing, Newsletter, Optin Forms, Subscribers WordPress Plugin

Published on
Jun 17, 2026
Research Description
The weMail: Email Marketing, Email Automation, Newsletters, Subscribers & Email Optins for WooCommerce WordPress plugin before 2.1.3 does not properly escape a user-supplied parameter before reflecting it into an HTML attribute on a non-nonce-protected AJAX response, allowing unauthenticated attackers to deliver Reflected Cross-Site Scripting against any authenticated user (including administrators) via a crafted URL.
Affected versions
max 2.1.3.
Status
vulnerable
Previous vulnerability researches
Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder (6915212aa945894d15599f8cba927c82020049a6) , Jun 16, 2026
Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder (1c1ce219d063c0f054aedd2d97d1e4eae4793edf) , Jun 16, 2026
Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder (70d2c2bdafc17581f6352efce88ef5b2b1447cfc) , Jun 16, 2026
Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder (39f2b937cc8453e5b438df1d242bcfbebd61a1e9) , Jun 16, 2026
Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder (CVE-2018-25346) , May 26, 2026
New vulnerability
weMail – Email Marketing, Newsletter, Optin Forms, Subscribers WordPress Plugin (CVE-2026-8089) , Jun 20, 2026
Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder (CVE-2026-11777) , Jun 19, 2026
Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder (CVE-2026-11776) , Jun 19, 2026
LearnPress – WordPress LMS Plugin (CVE-2026-8383) , Jun 19, 2026
WP Travel Gutenberg Blocks (CVE-2026-54808) , Jun 19, 2026