
Newsletters — Vulnerabilities & Security Advisories (24)

All 24 CVE vulnerabilities found in Newsletters, with AI-generated Chinese analysis, references, and POCs.

This page is a vulnerability aggregation resource for the product Newsletters, focusing on weakness classifications and vendor advisory tags. It collects a comprehensive record of security issues reported for newsletter management systems, including flaws related to cross-site scripting, unauthorized access, and configuration errors. The data spans from the initial release of modern newsletter platforms up to the most recent disclosures, ensuring a historical perspective on emerging threats in this domain. Visitors can utilize this page to track specific vendor advisories over time, helping organizations assess the maturity of their security posture. Furthermore, it allows users to understand broader weakness classes that commonly affect newsletter software, such as injection vulnerabilities or insecure default configurations. The aggregation also supports looking up a product's complete vulnerability history, providing context on how often updates are issued and which components remain most susceptible. This structured approach enables security teams and developers to identify trends, prioritize patching efforts, and compare remediation timelines across different providers. By consolidating these disparate sources, the page offers a clear view of the landscape without requiring manual searching across multiple vendor sites. The information is intended to support risk assessment and informed decision-making regarding the maintenance and upgrade of newsletter infrastructure. All entries are categorized to facilitate efficient filtering and analysis of security incidents relevant to this specific product category.

Vendor: Tribulant

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-57645 | WordPress Newsletters plugin <= 4.13 - Broken Access Control vulnerability | CWE-862 | 8.1 | High | 2026-06-26 |
| CVE-2026-54840 | WordPress Newsletters plugin <= 4.13 - Broken Access Control vulnerability | CWE-862 | 7.3 | High | 2026-06-26 |
| CVE-2026-3018 | Newsletters <= 4.13 - Unauthenticated SQL Injection via wpmlsubscriber_id Parameter | CWE-89 | 7.5 | High | 2026-06-10 |
| CVE-2025-67911 | WordPress Newsletters plugin <= 4.11 - PHP Object Injection vulnerability | CWE-502 | 9.8 | Critical | 2026-01-08 |
| CVE-2025-69020 | WordPress Newsletters plugin <= 4.12 - Cross Site Scripting (XSS) vulnerability | CWE-79 | 6.5 | Medium | 2025-12-30 |
| CVE-2025-54034 | WordPress Newsletters plugin <= 4.10 - Local File Inclusion vulnerability | CWE-98 | 7.5 | High | 2025-08-20 |
| CVE-2025-54035 | WordPress Newsletters plugin <= 4.10 - Cross Site Request Forgery (CSRF) Vulnerability | CWE-352 | 4.3 | Medium | 2025-07-16 |
| CVE-2025-4857 | Newsletters <= 4.9.9.9 - Authenticated (Administrator+) Local File Inclusion | CWE-22 | 7.2 | High | 2025-05-31 |
| CVE-2025-3107 | Newsletters <= 4.9.9.8 - Authenticated (Contributor+) SQL Injection orderby Parameter | CWE-89 | 6.5 | Medium | 2025-05-13 |
| CVE-2025-30921 | WordPress Newsletters plugin <= 4.9.9.7 - SQL Injection vulnerability | CWE-89 | 7.6 | High | 2025-03-27 |
| CVE-2025-2009 | Newsletters <= 4.9.9.7 - Unauthenticated Stored Cross-Site Scripting | CWE-79 | 7.2 | High | 2025-03-26 |
| CVE-2024-13739 | Newsletters <= 4.9.9.7 - Reflected Cross-Site Scripting via To Parameter | CWE-79 | 6.1 | Medium | 2025-03-22 |
| CVE-2025-24599 | WordPress Newsletters plugin <= 4.9.9.6 - Reflected Cross Site Scripting (XSS) vulnerability | CWE-79 | 7.1 | High | 2025-02-04 |
| CVE-2024-10181 | Newsletters <= 4.9.9.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via newsletters_video Shortcode | CWE-79 | 6.4 | Medium | 2024-10-29 |
| CVE-2024-47346 | WordPress Newsletters plugin <= 4.9.9.1 - Reflected Cross Site Scripting (XSS) vulnerability | CWE-79 | 7.1 | High | 2024-10-06 |
| CVE-2024-8247 | Newsletters <= 4.9.9.2 - Authenticated Privilege Escalation | CWE-269 | 8.8 | High | 2024-09-06 |
| CVE-2024-43279 | WordPress Newsletters plugin <= 4.9.8 - Cross Site Scripting (XSS) vulnerability | CWE-79 | 7.1 | High | 2024-08-18 |
| CVE-2024-7411 | Newsletters <= 4.9.9 - Unauthenticated Full Path Disclosure | CWE-200 | 5.3 | Medium | 2024-08-15 |
| CVE-2024-37227 | WordPress Newsletters plugin <= 4.9.7 - Cross Site Request Forgery (CSRF) vulnerability | | 4.3 | Medium | 2024-06-21 |
| CVE-2024-35718 | WordPress Newsletters plugin <= 4.9.5 - Reflected Cross Site Scripting (XSS) vulnerability | CWE-79 | 7.1 | High | 2024-06-08 |
| CVE-2024-32954 | WordPress Newsletters plugin <= 4.9.5 - Arbitrary File Upload vulnerability | CWE-434 | 9.1 | Critical | 2024-04-24 |
| CVE-2024-32953 | WordPress Newsletters plugin <= 4.9.5 - Sensitive Data Exposure vulnerability | CWE-532 | 7.5 | High | 2024-04-24 |
| CVE-2023-4797 | Newsletter Lite < 4.9.3 - Admin+ Command Injection | | 7.2 | - | 2024-01-16 |
| CVE-2023-30478 | WordPress Newsletters Plugin <= 4.8.8 is vulnerable to Cross Site Request Forgery (CSRF) | CWE-352 | 5.4 | Medium | 2023-11-10 |

All 24 known CVE vulnerabilities affecting Newsletters with full Chinese analysis, references, and POCs where available.