VulnTitan VulnTitan Security command center
Plugin Vulnerability Hub
Plugin 5 known issues Latest disclosed Apr 16, 2024

EnvíaloSimple: Email Marketing y Newsletters Vulnerabilities

Review known vulnerability records for the WordPress plugin EnvíaloSimple: Email Marketing y Newsletters (`envialosimple-email-marketing-y-newsletters-gratis`), including severity, CVE references, affected versions, and patch status.

Recent tracked CVEs on this page include CVE-2024-32587, CVE-2024-2125 and CVE-2023-51416, so operators can jump from disclosure to patch validation without scanning the full feed first.

View on WordPress.org Back to Feed
Known Records
5
High or Critical
1
Patch Coverage
100%
Last Updated
Jun 05, 2024
Priority CVE Quick Links

Fast paths into EnvíaloSimple: Email Marketing y Newsletters CVE reports

Start with the highest-signal CVE records for this WordPress plugin before scanning the full vulnerability feed.

Indexed CVEs
5
CVE-2024-2125 High 2.4
CVE-2024-2125 EnvíaloSimple: Email Marketing y Newsletters Arbitrary File Upload

EnvíaloSimple: Email Marketing y Newsletters <= 2.3 - Cross-Site Request Forgery to Arbitrary File Upload

CVE-2023-51414 Medium 2.2
CVE-2023-51414 EnvíaloSimple: Email Marketing y Newsletters Vulnerability

EnvíaloSimple <= 2.1 Unauthenticated PHP Object Injection

CVE-2024-32587 Medium 2.3
CVE-2024-32587 EnvíaloSimple: Email Marketing y Newsletters Cross-Site Scripting

EnvíaloSimple: Email Marketing y Newsletters <= 2.2 - Reflected Cross-Site Scripting

CVE-2014-4527 Medium 1.98
CVE-2014-4527 EnvíaloSimple: Email Marketing y Newsletters Cross-Site Scripting

EnvialoSimple: Email Marketing y Newsletters < 1.98 - Cross-Site Scripting

CVE-2023-51416 Medium 2.3
CVE-2023-51416 EnvíaloSimple: Email Marketing y Newsletters Cross-Site Request Forgery

EnvíaloSimple <= 2.2 - Cross-Site Request Forgery

Coverage Snapshot

What this page helps you verify fast

This hub clusters every indexed record for EnvíaloSimple: Email Marketing y Newsletters so operators can confirm whether a disclosed issue maps to the installed slug, version range, and patch path.

Patch Visibility
5 records include a published patch path, leaving 0 with no listed safe release yet.
Severity Mix
0 critical and 1 high severity finding.
Recent CVEs
CVE-2024-32587, CVE-2024-2125 and CVE-2023-51416
Reference Workflow
Jump from the hub into the full report when you need remediation notes, exploit context, CVSS vectors, or source references.
Triage First

Open the records most likely to drive action

These recent records surface the CVE strings, patch cues, and direct report links most operators need first.

Known Vulnerabilities

Reports for EnvíaloSimple: Email Marketing y Newsletters

Sorted by latest disclosure date so newly published issues surface first.

Plugin Medium Patched: Yes CVE-2024-32587
CVE-2024-32587: EnvíaloSimple: Email Marketing y Newsletters <= 2.2 - Reflected Cross-Site Scripting

The EnvíaloSimple: Email Marketing y Newsletters plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 2.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inje...

Published
Apr 16, 2024
Patched Release
2.3
Affected Versions
Versions up to 2.2
Next Step
Update to 2.3 or newer if supported.
Open CVE-2024-32587 Report Open CVE Reference
Plugin High Patched: Yes CVE-2024-2125
CVE-2024-2125: EnvíaloSimple: Email Marketing y Newsletters <= 2.3 - Cross-Site Request Forgery to Arbitrary File Upload

The EnvíaloSimple: Email Marketing y Newsletters plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3. This is due to missing or incorrect nonce validation on the gallery_add function. This makes it possible for unauthenticate...

Published
Apr 01, 2024
Patched Release
2.4
Affected Versions
Versions up to 2.3
Next Step
Update to 2.4 or newer if supported.
Open CVE-2024-2125 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2023-51416
CVE-2023-51416: EnvíaloSimple <= 2.2 - Cross-Site Request Forgery

The EnvíaloSimple plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.2. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform an unauthorized action via...

Published
Dec 27, 2023
Patched Release
2.3
Affected Versions
Versions up to 2.2
Next Step
Update to 2.3 or newer if supported.
Open CVE-2023-51416 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2023-51414
CVE-2023-51414: EnvíaloSimple <= 2.1 Unauthenticated PHP Object Injection

The EnvíaloSimple: Email Marketing y Newsletters plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.1 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. No POP chain...

Published
Dec 27, 2023
Patched Release
2.2
Affected Versions
Versions up to 2.1
Next Step
Update to 2.2 or newer if supported.
Open CVE-2023-51414 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2014-4527
CVE-2014-4527: EnvialoSimple: Email Marketing y Newsletters < 1.98 - Cross-Site Scripting

Multiple cross-site scripting (XSS) vulnerabilities in paginas/vista-previa-form.php in the EnvialoSimple: Email Marketing and Newsletters (envialosimple-email-marketing-y-newsletters-gratis) plugin before 1.98 for WordPress allow remote attackers to inject arbitrary web script o...

Published
May 28, 2014
Patched Release
1.98
Affected Versions
Versions up to 1.97
Next Step
Update to 1.98 or newer if supported.
Open CVE-2014-4527 Report Open CVE Reference