VYPR

Newsletter

by WordPress

CVEs (27)

  • CVE-2025-3581 | Med | Jun 9, 2025
    risk 0.31 | cvss 4.8 | epss 0.00

    The Newsletter WordPress plugin before 8.8.5 does not validate and escape some of its Widget options before outputting them back in a page/post where the block is embedded, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even…

  • CVE-2025-3584 | Med | Jun 3, 2025
    risk 0.31 | cvss 4.8 | epss 0.00

    The Newsletter WordPress plugin before 8.8.2 does not sanitise and escape some of its Subscription settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example…

  • CVE-2025-3583 | Med | May 5, 2025
    risk 0.31 | cvss 4.8 | epss 0.00

    The Newsletter WordPress plugin before 8.7.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite…

  • CVE-2022-1889 | Med | Jun 20, 2022
    risk 0.31 | cvss 4.8 | epss 0.01

    The Newsletter WordPress plugin before 7.4.6 does not escape and sanitise the preheader_text setting, which could allow high privilege users to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed.

  • CVE-2024-3060 | Med | Apr 26, 2024
    risk 0.29 | cvss 4.5 | epss 0.01

    The ENL Newsletter WordPress plugin through 1.0.1 does not sanitize and escape a parameter before using it in a SQL statement, allowing admin+ to perform SQL injection attacks.

  • CVE-2026-1051 | Med | Jan 20, 2026
    risk 0.28 | cvss 4.3 | epss 0.00

    The Newsletter – Send awesome emails from WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 9.1.0. This is due to missing or incorrect nonce validation on the hook_newsletter_action() function. This makes it…

  • CVE-2025-14852 | Med | Feb 14, 2026
    risk 0.21 | cvss 4.3 | epss 0.00

    The MDirector Newsletter plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.5.8. This is due to missing nonce verification on the mdirectorNewsletterSave function. This makes it possible for unauthenticated attackers to…
