GCVE - cpe:2.3:a:wedevs:wemail:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:wedevs:wemail:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Wedevs (`74af2ef9-c755-5b07-93a2-5a3afa051904`)
Product	Wemail (`064b7e75-63ab-509d-8daa-dbcb24c95399`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from purl2cpe mapping

PURL mappings

PURL	Source	Last updated
`pkg:composer/wemail/wemail`	purl2cpe	2026-06-01 10:15:48.858868
`pkg:github/wemail/wemail`	purl2cpe	2026-06-01 10:15:48.858869

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2025-47540`	vulnerable	2026-06-03 15:01:32.940413	WordPress weMail plugin <= 1.14.13 - Sensitive Data Exposure Vulnerability MEDIUM (5.3) Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in weDevs weMail wemail allows Retrieve Embedded Sensitive Data.This issue affects weMail: from n/a through <= 1.14.13. Published: 2025-05-07T14:20:14.711Z Updated: 2026-04-28T16:12:44.387Z Open on db.gcve.eu Reference links https://patchstack.com/database/Wordpress/Plugin/wemail/vulnerability/wordpress-wemail-1-14-13-sensitive-data-exposure-vulnerability?_s_id=cve	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-43238`	vulnerable	2026-06-03 14:56:44.791339	WordPress weMail plugin <= 1.14.5 - Cross Site Scripting (XSS) vulnerability HIGH (7.1) Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in weDevs weMail wemail allows DOM-Based XSS.This issue affects weMail: from n/a through <= 1.14.5. Published: 2024-08-18T13:38:43.513Z Updated: 2026-04-28T16:10:10.139Z Open on db.gcve.eu Reference links https://patchstack.com/database/Wordpress/Plugin/wemail/vulnerability/wordpress-wemail-email-marketing-newsletter-optin-forms-subscribers-wordpress-plugin-plugin-1-14-5-cross-site-scripting-xss-vulnerability?_s_id=cve	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-34822`	vulnerable	2026-06-03 14:55:55.360580	WordPress weMail plugin <= 1.14.2 - Broken Access Control vulnerability MEDIUM (5.3) Missing Authorization vulnerability in weDevs weMail.This issue affects weMail: from n/a through 1.14.2. Published: 2024-06-11T15:26:25.301Z Updated: 2026-04-28T16:09:51.651Z Open on db.gcve.eu Reference links https://patchstack.com/database/vulnerability/wemail/wordpress-wemail-plugin-1-14-2-broken-access-control-vulnerability?_s_id=cve	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.