Headline
CVE-2022-33201: MailerLite – Signup forms (official)
Cross-Site Request Forgery (CSRF) vulnerability in MailerLite – Signup forms (official) plugin <= 1.5.7 at WordPress allows an attacker to change the API key.
- Details
- Reviews
- Installation
- Support
- Development
MailerLite – Signup forms (official) plugin
The Official MailerLite signup forms plugin makes it easy to grow your newsletter subscriber list from your WordPress blog or website. The plugin automatically integrates your WordPress form with your MailerLite email marketing account.
If you don’t have MailerLite account yet, you can signup for a FREE trial here.
Once you activate the plugin, you’ll be able to select and add any of the pre-built webforms from your MailerLite account or create a new form from scratch. You can place the form in the sidebar using a widget or use a shortcode to put it wherever you want.
Setup is fast and easy! You just need to enter your MailerLite account API code and you’re all set.
Plugin features include:
- Easily-to-add webforms from MailerLite to your WordPress blog or website
- Option to create new webforms
- WordPress 5 new editor support
- Save subscribers automatically to your MailerLite account
- Place webforms using widget or shortcode
- Double opt-in signup
- Updated plugin layout
- Automate welcome emails from your MailerLite account
Arbitrary section
This plugin provides 1 block.
- MailerLite signup form
Method 1
- Login to your WordPress admin panel.
- Open Plugins in the left sidebar, click Add New, and search for MailerLite plugin.
- Install the plugin and activate it.
Method 2
- Download the MailerLite plugin.
- Unzip the downloaded file and upload to your /wp-content/plugins/ folder.
- Activate the plugin in WordPress admin panel.
Setup
- After successful installation you will see MailerLite icon on the left sidebar. Click it.
- Enter your MailerLite account API key. You can find it in your MailerLite account by clicking “Developer API” link in the bottom of the page.
- Click “Add New Signup Form” .
- Choose “Webforms created using MailerLite” if you wan’t to use a signup form that you already created in your MailerLite account or “Custom signup form” if you want to create it now.
- If you want to include signup form in the sidebar of your blog or website, go to Appearance > Widgets and drag “MailerLite signup form” to the sidebar. Choose which signup form to display.
- If you want to include signup form inside your post or page, use shortcodes. You will see MailerLite icon in your content editor, click it and choose which form to display. It will put a shortcode (for example [mailerlite_form form_id=1]) and your visitors will see signup form in that place.
Requirements
- Requires PHP5 and CURL.
What is the plugin license?
- This plugin is released under a GPL license.
What is MailerLite?
MailerLite is easy to use web-based email marketing software. It can help you create and send email newsletters, manage subscribers, track and analyze results.
Do I need a MailerLite account to use this plugin?
Yes, you can easily register at www.mailerlite.com
How to display a form in posts or pages?
Use shortcode with form id which you created [mailerlite_form form_id=1].
Just add “MailerLite signup form widget” and select form you have created
How to display a form in my template files?
Use the load_mailerlite_form($id) function.
<?php
if( function_exists( 'load_mailerlite_form' ) ) {
load_mailerlite_form(0);
}
How can I style the sign-up form?
You can use CSS rules to style the sign-up form, use the following CSS selectors to target the various form elements.
Every form can be different, because element ID of form is:
#mailerlite-form_(your_form_id)
Elements of form can be styled.
.mailerlite-form .mailerlite-form-title {} /* the form title */
.mailerlite-form .mailerlite-form-description {} /* the form description */
.mailerlite-form .mailerlite-form-field label {} /* the form input label */
.mailerlite-form .mailerlite-form-field input {} /* the form inputs */
.mailerlite-form .mailerlite-form-loader {} /* the form loading text */
.mailerlite-form .mailerlite-subscribe-button-container {} /* the form button container */
.mailerlite-form .mailerlite-subscribe-button-container .mailerlite-subscribe-submit {} /* the form submit button */
.mailerlite-form .mailerlite-form-response {} /* the form response message */
Add your custom CSS rules to the end of your theme stylesheet, /wp-content/themes/your-theme-name/style.css. Do not add them to the plugin stylesheet as they will be automatically overwritten on the next plugin update.
Where can I find my MailerLite API key?
Check it here!
The plugin mostly does what it’s supposed to. They will occasionally push updates that breaks things and won’t respond to any support inquiries. Be careful when updating this plugin.
I installed the plugin since a while, but it has no effect, nothing appear to setup or configure the popups. Actual version of mailer lite officially not tested (1.4.9) with current version of WP (5.8.2).
Plugin works great - I know other people have had trouble with it, but I found it easy and intuitive to integrate. MailerLite has the best support team ever!
It’s working well for me so far as purely a mailing list signup mechanism. However, I’d like to be able to add new site member signups to the mailing list too (with their permission, of course). (I have Paid Memberships Pro on one site, which I did have working with Mailchimp, and LearnPress with WooCommerce on the other.) Not sure I’m techy enough to get to grips with using Zapier or some other middleman app to do this!
This is a good plugin to add a for fairly quick and easy. If you are trying to do anything more, you will run out of luck fast. There are no settings or useful code hooks (actions or filters) for customizing redirect to landing page or other useful tricks with forms.
I have no clue how I can get the new created forms visible in Wordpress… I tried a couple of times to add the API key again. And that worked, until the last time. But overall, I really like how easy it is to get the forms created AND visible in Wordpress. No issues what so ever.
Read all 20 reviews
“MailerLite – Signup forms (official)” is open source software. The following people have contributed to this plugin.
Contributors
- mailerlite
1.5.9
- Update – API client
1.5.8
- Security fix
1.5.7
- Tested up to latest WP version
1.5.6
- Fix – deactivate issue
- Tested up to latest WP version
1.5.5
- Fix – wp_nonce for cached pages
1.5.4
- Fix – Input validation
- Tested up to latest WP version
1.5.3
- Update – API update
- Tested up to latest WP version
1.5.2
- Fix – Include Universal js
1.5.1
- Fix – Form clear issue
1.5.0
- Tested with WordPress 5.8.3
- Update – Gutenberg plugin in plain JS
1.4.10
- Update – Plugin display name
- Tested up to latest WP version
1.4.9
- Forms are embedded with the new method
- 1k limit to webforms API request
1.4.8
- Fix – Gutenberg add / edit form fix
1.4.7
- Tweak – Embedded forms subdomain changed
1.4.6
- Fix – Gutenberg script enqueue called action method was non-static
1.4.5
- Fix – Additional security for AJAX calls
1.4.4
- Fix – Additional security for database queries
1.4.3
- Fix – removed use of deprecated php method
1.4.2
- Fix – Styles on form description bug
- Update – Added a Load more button for groups on the creation stage phase.
- Update – Hidden api key
1.4
- Tweak – Show more than 100 groups when creating a custom form
- Tweak – Renamed some classes to avoid fatal errors from other plugin having the same class names
- Tweak – Reformatted code to WordPress code style
- Tweak – Loading custom form javascript after window load for better optimisations
- Tweak – Switched loading jQuery validate plugin from MailerLite CDN to your local WordPress site
1.3.6
- Feature – Status page to provide information about your environment
- Tweak – Even better support for older PHP versions in main plugin file
- Fix – Plugin’s stylesheet is only included in pages where it is required
1.3.5
- Tweak – Better support for older PHP versions in main plugin file
1.3.4
- Fix – Subscriber adding bug
1.3.3
- Fix – Form edit redirect not working
1.3.2
- Fix – Form block js file version bump
1.3.1
- Fix – “Media views” block bug
1.3
- Feature – WordPress 5 block
- Feature – Double opt-in feature
- Tweak – New admin design
- Update – The plugin uses MailerLite API V2 from now on
1.2.8
Check WP 5.0 support
1.2.7
API url fix
1.2.6
Test new WordPress
1.2.5
Updated forms (GDPR compatible)
1.2.4
release fix
1.2.3
fix form protocol
1.2.2
mistype fix in version no
1.2.1
adding en_US locale language translation files
1.2
some small php notice errors fixed. More clear tooltips about embed forms. Popup script settings moved to settings page. Added en_US locale translations (the same as en_EN)
1.1.25
short php open tag fix
1.1.24
bigger curl timeout for API call, temporary
1.1.23
fixed translations, added english .po/.mo files, added “please wait” message translate option to custom forms
1.1.22
updated jquery validation script URL to use static.mailerlite.com
1.1.21
small bugfixes
1.1.20
curl error showing, empty embed form bugfix, other bugfixes
1.1.19
translation fixes
1.1.18
mistype fix for old versions
1.1.17
translation errors for LT language, allowing only embed and button forms
1.1.16
- providing support for older PHP versions
1.1.15
- file_get_contents changed to cURL
1.1.14
- custom thank you message added
1.1.13
- tested with 4.6 version
1.1.12
- multisite support
1.1.11
- post escaped with stripslashes_deep
1.1.10
- mistype – signing up
1.1.9
- fixed app static script url
1.1.8
- fixed old syntax constructors in API classes
1.1.7
- option to activate popup form
1.1.6
- popup webforms added
1.1.5
- php notice fix
1.1.4
- fixed jquery bug
1.1.3
- some problem with version number
1.1.2
- wordpress issue bug fix
1.1.1
- updated readme and version constants
1.1
- tested with up to 4.5.1 wordpress. version. Added list of languages for validation messages. Fixed mistype “sign up”
1.0.18
- added php,wordpress and curl version checks before activation
1.0.17
- fix db queries for update
1.0.16
- links to https, db update charset
1.0.15
- Updated links to knowledge base about api key, changed db charset for table – utf8_bin
1.0.14
- Removed new lines for some cases
1.0.13
- Empty form description allowed
1.0.12
- Fix mistype in curl method
1.0.11
- Version fix
1.0.10
- Some code refactor, array fixes for PHP older than 5.4
1.0.9
- Curl safe mode fix
1.0.8
- Fix shortcode popup
1.0.7
- Fix shortcode
1.0.6
- Fix embedded form cache
1.0.5
- Fix for WP 4.0
1.0.4
- Subscribe button update
1.0.3
- jQuery load update
1.0.2
- Small changes
1.0.1
- Added translations
1.0
- First release