Browse all 3 CVE security advisories affecting EnvialoSimple. AI-powered Chinese analysis, POCs, and references for each vulnerability.
EnvialoSimple is a mass email marketing platform that enables businesses to create and send email campaigns to large subscriber lists. Historically, the application has been vulnerable to multiple security issues, including cross-site scripting (XSS), remote code execution (RCE), and privilege escalation vulnerabilities. These weaknesses often stem from insufficient input validation and improper access controls. The platform currently has three CVEs on record, highlighting ongoing security challenges. While no major public security incidents have been widely reported, the recurring nature of these vulnerabilities suggests potential risks for organizations using the service, particularly regarding data protection and unauthorized access to campaign management functions.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-32587 | WordPress EnvíaloSimple plugin <= 2.2 - Reflected Cross Site Scripting (XSS) vulnerability — EnvíaloSimpleCWE-79 | 5.8 | Medium | 2024-04-18 |
| CVE-2023-51416 | WordPress EnvíaloSimple plugin <= 2.2 - Cross Site Request Forgery (CSRF) vulnerability — EnvíaloSimpleCWE-352 | 6.5 | Medium | 2024-03-26 |
| CVE-2023-51414 | WordPress EnvíaloSimple Plugin <= 2.1 is vulnerable to PHP Object Injection — EnvíaloSimple: Email Marketing y NewslettersCWE-502 | 9.6 | Critical | 2023-12-29 |
This page lists every published CVE security advisory associated with EnvialoSimple. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.