cleantalk
Vulnerabilities and Security Researches

MailerLite – Signup forms (official), CVE-2025-13993

CVE, Research URL

CVE-2025-13993

Home page URL

Security reports for MailerLite – Signup forms (official)

Application

MailerLite – Signup forms (official)

Published on
Dec 12, 2025
Research Description
The MailerLite – Signup forms (official) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'form_description' and 'success_message' parameters in versions up to, and including, 1.7.16 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
max 1.7.17.
Status
vulnerable
Previous vulnerability researches
WP Abstracts (CVE-2024-50411) , Oct 28, 2024
WP Abstracts (CVE-2024-12385) , Jan 20, 2025
WP Abstracts (CVE-2025-32591) , Apr 11, 2025
WP Abstracts (CVE-2024-44045) , Sep 26, 2024
WP Abstracts (CVE-2023-29385) , Jun 07, 2024
New vulnerability
Lucky Wheel for WooCommerce – Spin a Sale (CVE-2025-14509) , Jan 10, 2026
WP Voting Contest Lite (CVE-2025-60086) , Jan 10, 2026
Custom Related Posts (CVE-2025-68033) , Jan 10, 2026
Image Photo Gallery Final Tiles Grid (CVE-2025-13693) , Jan 10, 2026
Image Photo Gallery Final Tiles Grid (CVE-2025-14455) , Jan 10, 2026