Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Newsletters — Vulnerabilities & Security Advisories 21

All 21 CVE vulnerabilities found in Newsletters, with AI-generated Chinese analysis, references, and POCs.

Vendor: Tribulant

CVE IDTitleCVSSSeverityPublished
CVE-2025-67911 WordPress Newsletters plugin <= 4.11 - PHP Object Injection vulnerability CWE-502 9.8 -2026-01-08
CVE-2025-69020 WordPress Newsletters plugin <= 4.12 - Cross Site Scripting (XSS) vulnerability CWE-79 5.4 -2025-12-30
CVE-2025-54034 WordPress Newsletters plugin <= 4.10 - Local File Inclusion vulnerability CWE-98 7.5 High2025-08-20
CVE-2025-54035 WordPress Newsletters plugin <= 4.10 - Cross Site Request Forgery (CSRF) Vulnerability CWE-352 4.3 Medium2025-07-16
CVE-2025-4857 Newsletters <= 4.9.9.9 - Authenticated (Administrator+) Local File Inclusion CWE-22 7.2 High2025-05-31
CVE-2025-3107 Newsletters <= 4.9.9.8 - Authenticated (Contributor+) SQL Injection orderby Parameter CWE-89 6.5 Medium2025-05-13
CVE-2025-30921 WordPress Newsletters plugin <= 4.9.9.7 - SQL Injection vulnerability CWE-89 7.6 High2025-03-27
CVE-2025-2009 Newsletters <= 4.9.9.7 - Unauthenticated Stored Cross-Site Scripting CWE-79 7.2 High2025-03-26
CVE-2024-13739 Newsletters <= 4.9.9.7 - Reflected Cross-Site Scripting via To Parameter CWE-79 6.1 Medium2025-03-22
CVE-2025-24599 WordPress Newsletters plugin <= 4.9.9.6 - Reflected Cross Site Scripting (XSS) vulnerability CWE-79 7.1 High2025-02-04
CVE-2024-10181 Newsletters <= 4.9.9.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via newsletters_video Shortcode CWE-79 6.4 Medium2024-10-29
CVE-2024-47346 WordPress Newsletters plugin <= 4.9.9.1 - Reflected Cross Site Scripting (XSS) vulnerability CWE-79 7.1 High2024-10-06
CVE-2024-8247 Newsletters <= 4.9.9.2 - Authenticated Privilege Escalation CWE-269 8.8 High2024-09-06
CVE-2024-43279 WordPress Newsletters plugin <= 4.9.8 - Cross Site Scripting (XSS) vulnerability CWE-79 7.1 High2024-08-18
CVE-2024-7411 Newsletters <= 4.9.9 - Unauthenticated Full Path Disclosure CWE-200 5.3 Medium2024-08-15
CVE-2024-37227 WordPress Newsletters plugin <= 4.9.7 - Cross Site Request Forgery (CSRF) vulnerability 4.3 Medium2024-06-21
CVE-2024-35718 WordPress Newsletters plugin <= 4.9.5 - Reflected Cross Site Scripting (XSS) vulnerability CWE-79 7.1 High2024-06-08
CVE-2024-32954 WordPress Newsletters plugin <= 4.9.5 - Arbitrary File Upload vulnerability CWE-434 9.1 Critical2024-04-24
CVE-2024-32953 WordPress Newsletters plugin <= 4.9.5 - Sensitive Data Exposure vulnerability CWE-532 7.5 High2024-04-24
CVE-2023-4797 Newsletter Lite < 4.9.3 - Admin+ Command Injection 7.2 -2024-01-16
CVE-2023-30478 WordPress Newsletters Plugin <= 4.8.8 is vulnerable to Cross Site Request Forgery (CSRF) CWE-352 8.8 -2023-11-10

All 21 known CVE vulnerabilities affecting Newsletters with full Chinese analysis, references, and POCs where available.