All 8 CVE vulnerabilities found in Newsletter, with AI-generated Chinese analysis, references, and POCs.
Vendor: Stefano Lissa & The Newsletter Team
| CVE ID | Title | CVSS | Severity | Paused |
|---|---|---|---|---|
| CVE-2025-67999 | WordPress Newsletter plugin <= 9.0.9 - SQL Injection vulnerability CWE-89 | 7.6 | High | 2025-12-16 |
| CVE-2025-3582 | Newsletter < 8.8.5 - Admin+ Stored XSS via Form | 4.8AI | MediumAI | 2025-06-09 |
| CVE-2025-3581 | Newsletter < 8.8.5 - Admin+ Stored XSS via Widget | 4.8AI | MediumAI | 2025-06-09 |
| CVE-2025-3584 | Newsletter < 8.8.2 - Admin+ Stored XSS via Subscription | 4.8AI | MediumAI | 2025-06-03 |
| CVE-2025-3583 | Newsletter < 8.7.1 - Admin+ Stored XSS | 4.8AI | MediumAI | 2025-05-05 |
| CVE-2024-30522 | WordPress Newsletter plugin <= 8.2.0 - IP Blacklist Bypass vulnerability CWE-290 | 5.3 | Medium | 2024-05-17 |
| CVE-2024-31434 | WordPress Newsletter plugin <= 8.0.6 - Cross Site Request Forgery (CSRF) vulnerability CWE-352 | 5.4 | Medium | 2024-04-15 |
| CVE-2023-27922 | WordPress plugin Newsletter 跨站脚本漏洞 | 6.1 | - | 2023-05-23 |
All 8 known CVE vulnerabilities affecting Newsletter with full Chinese analysis, references, and POCs where available.