| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-3475 | Instant Popup Builder <= 1.1.7 - Unauthenticated Arbitrary Shortcode Execution via 'token' Parameter | instantpopupbuilder | Instant Popup Builder – Powerful Popup Maker for Opt-ins, Email Newsletters & Lead Generation | Medium | 5.3 | 2026-03-19 07:34:56 | Deep Dive |
| CVE-2026-1651 | Email Subscribers & Newsletters <= 5.9.16 - Authenticated (Administrator+) SQL Injection via 'workflow_ids' Parameter | icegram | Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress | Medium | 6.5 | 2026-03-04 01:22:00 | Deep Dive |
| CVE-2025-14339 | weMail <= 2.0.7 - Missing Authorization to Unauthenticated Form Deletion | wedevs | weMail: Email Marketing, Email Automation, Newsletters, Subscribers & Email Optins for WooCommerce | Medium | 6.5 | 2026-02-21 09:28:00 | Deep Dive |
| CVE-2026-1258 | Mail Mint <= 1.19.2 - Authenticated (Administrator+) SQL Injection via Multiple API Endpoints | getwpfunnels | Mail Mint – Email Marketing, Newsletter, Email Automation & WooCommerce Emails | Medium | 4.9 | 2026-02-14 08:26:48 | Deep Dive |
| CVE-2026-1447 | Mail Mint <= 1.19.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting | getwpfunnels | Mail Mint – Email Marketing, Newsletter, Email Automation & WooCommerce Emails | Medium | 5.4 | 2026-02-03 06:38:06 | Deep Dive |
| CVE-2025-14348 | weMail <= 2.0.7 - Insufficient Authorization via x-wemail-user Header to Sensitive Information Disclosure | wedevs | weMail: Email Marketing, Email Automation, Newsletters, Subscribers & Email Optins for WooCommerce | Medium | 5.3 | 2026-01-20 04:35:46 | Deep Dive |
| CVE-2025-67911 | WordPress Newsletters plugin <= 4.11 - PHP Object Injection vulnerability | Tribulant Software | Newsletters | Medium | - | 2026-01-08 09:17:45 | Deep Dive |
| CVE-2025-69020 | WordPress Newsletters plugin <= 4.12 - Cross Site Scripting (XSS) vulnerability | Tribulant Software | Newsletters | Medium | - | 2025-12-30 10:47:55 | Deep Dive |
| CVE-2025-12348 | Email Subscribers & Newsletters <= 5.9.10 - Missing Authentication to Unauthenticated Action Scheduler Task Execution | icegram | Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress | Medium | 5.3 | 2025-12-12 09:20:29 | Deep Dive |
| CVE-2025-66055 | WordPress Email Subscribers & Newsletters plugin <= 5.9.10 - PHP Object Injection vulnerability | Icegram | Email Subscribers & Newsletters | Medium | - | 2025-11-21 12:29:54 | Deep Dive |
| CVE-2025-12750 | Groundhogg <= 4.2.6.1 - Authenticated (Admin+) SQL Injection | trainingbusinesspros | Groundhogg — CRM, Newsletters, and Marketing Automation | Medium | 4.9 | 2025-11-21 09:27:03 | Deep Dive |
| CVE-2025-12349 | Email Subscribers & Newsletters <= 5.9.10 - Missing Authentication to Unauthenticated Mailing Queue Trigger | icegram | Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress | Medium | 5.3 | 2025-11-19 04:28:19 | Deep Dive |
| CVE-2025-11967 | Mail Mint <= 1.18.10 - Authenticated (Admin+) Arbitrary File Upload | getwpfunnels | Mail Mint – Email Marketing, Newsletter, Email Automation & WooCommerce Emails | High | 7.2 | 2025-11-08 09:28:12 | Deep Dive |
| CVE-2025-54034 | WordPress Newsletters plugin <= 4.10 - Local File Inclusion vulnerability | Tribulant Software | Newsletters | High | 7.5 | 2025-08-20 08:02:59 | Deep Dive |
| CVE-2025-54035 | WordPress Newsletters plugin <= 4.10 - Cross Site Request Forgery (CSRF) Vulnerability | Tribulant Software | Newsletters | Medium | 4.3 | 2025-07-16 10:36:48 | Deep Dive |
| CVE-2025-49325 | WordPress Newspack Newsletters plugin <= 3.13.0 - Open Redirection Vulnerability | Automattic | Newspack Newsletters | Medium | 4.7 | 2025-06-06 12:53:56 | Deep Dive |
| CVE-2025-4857 | Newsletters <= 4.9.9.9 - Authenticated (Administrator+) Local File Inclusion | contrid | Newsletters | High | 7.2 | 2025-05-31 11:18:54 | Deep Dive |
| CVE-2025-3107 | Newsletters <= 4.9.9.8 - Authenticated (Contributor+) SQL Injection orderby Parameter | contrid | Newsletters | Medium | 6.5 | 2025-05-13 06:40:55 | Deep Dive |
| CVE-2025-30921 | WordPress Newsletters plugin <= 4.9.9.7 - SQL Injection vulnerability | Tribulant Software | Newsletters | High | 7.6 | 2025-03-27 10:55:57 | Deep Dive |
| CVE-2025-2009 | Newsletters <= 4.9.9.7 - Unauthenticated Stored Cross-Site Scripting | contrid | Newsletters | High | 7.2 | 2025-03-26 08:21:51 | Deep Dive |