VYPR

Newsletter

by Sourceworkshop

CVEs (3)

  • CVE-2025-67999HigDec 16, 2025
    risk 0.49cvss 7.6epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Stefano Lissa Newsletter newsletter allows Blind SQL Injection.This issue affects Newsletter: from n/a through <= 9.0.9.

  • CVE-2025-14852MedFeb 14, 2026
    risk 0.21cvss 4.3epss 0.00

    The MDirector Newsletter plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.5.8. This is due to missing nonce verification on the mdirectorNewsletterSave function. This makes it possible for unauthenticated attackers to…

  • CVE-2006-1533Mar 30, 2006
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in newsletter.php in Sourceworkshop newsletter 1.0 allows remote attackers to execute arbitrary SQL commands via the newsletteremail parameter.