Browse all 9 CVE security advisories affecting mailerlite. AI-powered Chinese analysis, POCs, and references for each vulnerability.
MailerLite provides email marketing and automation services for businesses. Historically, vulnerabilities have included stored cross-site scripting (XSS), remote code execution (RCE), and privilege escalation flaws, often stemming from input validation failures and insecure direct object references. The platform has addressed multiple security issues, with nine CVEs recorded to date. While no major public security incidents have been widely reported, the consistent discovery of vulnerabilities highlights ongoing challenges in securing complex web applications with extensive user interaction and data handling capabilities.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-13993 | MailerLite – Signup forms (official) <= 1.7.16 - Authenticated (Administrator+) Stored Cross-Site Scripting — MailerLite – Signup forms (official)CWE-79 | 5.5 | Medium | 2025-12-12 |
| CVE-2024-2797 | MailerLite – Signup forms (official) <= 1.7.6 - Missing Authorization — MailerLite – Signup forms (official)CWE-862 | 5.3 | Medium | 2024-05-02 |
| CVE-2024-1386 | WordPress plugin MailerLite 安全漏洞 — MailerLite – Signup forms (official) | 6.4 | Medium | 2024-05-02 |
This page lists every published CVE security advisory associated with mailerlite. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.