CVE-2022-1604

CVE-2022-1604: MailerLite < 1.5.4 - Reflected Cross-Site Scripting

Vendor Unknown

Product MailerLite – Signup forms (official)

Weakness CWE-79 · XSS

Published June 13, 2022

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The MailerLite WordPress plugin before 1.5.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting

Key dates

02Disclosure timeline

June 13, 2022 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-1604 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2021-36803 Akaunting Avatar Persistent XSS CVE-2021-1582 Cisco Application Policy Infrastructure Controller Stored Cross-Site Scripting Vulnerability CVE-2019-11828 CVE-2025-39397 WordPress Anything Popup plugin <= 7.3 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2023-42022 IBM InfoSphere Information Server cross-site scripting