Automattic Mailpoet
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Automattic Mailpoet.
By the Year
In 2026 there have been 0 vulnerabilities in Automattic Mailpoet. Last year, in 2025 Mailpoet had 1 security vulnerability published. Right now, Mailpoet is on track to have less security vulnerabilities in 2026 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 1 | 0.00 |
| 2024 | 1 | 0.00 |
| 2023 | 0 | 0.00 |
| 2022 | 0 | 0.00 |
| 2021 | 0 | 0.00 |
| 2020 | 1 | 6.10 |
It may take a day or so for new Mailpoet vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Automattic Mailpoet Security Vulnerabilities
MailPoet WP Plugin Before 5.5.2: Stored XSS via Unsanitized Settings
CVE-2024-12743
- May 15, 2025
The MailPoet WordPress plugin before 5.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
XSS
MailPoet WordPress Plugin Stored XSS Vulnerability
CVE-2024-10103
- November 19, 2024
In the process of testing the MailPoet WordPress plugin before 5.3.2, a vulnerability was found that allows you to implement Stored XSS on behalf of the editor by embedding malicious script, which entails account takeover backdoor
The MailPoet plugin before 3.23.2 for WordPress
CVE-2019-11843
6.1 - Medium
- June 02, 2020
The MailPoet plugin before 3.23.2 for WordPress allows remote attackers to inject arbitrary web script or HTML using extra parameters in the URL (Reflective Server-Side XSS).
XSS
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Automattic Mailpoet or by Automattic? Click the Watch button to subscribe.
