VYPR

Newsletter Email Subscribe

by WordPress

Source repositories

CVEs (2)

  • CVE-2022-0439HigMar 7, 2022
    risk 0.58cvss 8.8epss 0.04

    The Email Subscribers & Newsletters WordPress plugin before 5.3.2 does not correctly escape the `order` and `orderby` parameters to the `ajax_fetch_report_list` action, making it vulnerable to blind SQL injection attacks by users with roles as low as Subscriber. Further, it does…

  • CVE-2025-14904MedJan 7, 2026
    risk 0.28cvss 4.3epss 0.00

    The Newsletter Email Subscribe plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4. This is due to incorrect nonce validation on the nels_settings_page function. This makes it possible for unauthenticated attackers to update…