Email Subscribers & Newsletters <= 5.3.1 - Authenticated SQL Injection

The Email Subscribers & Newsletters WordPress plugin before 5.3.2 does not correctly escape the order and orderby parameters to the ajaxfetchreportlist action, making it vulnerable to blind SQL injection attacks by users with roles as low as Subscriber. Further, it does not have any CSRF protecti...

CVE-2025-67911 WordPress Newsletters plugin <= 4.11 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in Tribulant Software Newsletters newsletters-lite allows Object Injection.This issue affects Newsletters: from n/a through = 4.11...

WordPress plugin Newsletters 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

WordPress Newsletters plugin <= 4.11 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Skalucy in WordPress Plugin Newsletters versions = 4.11...

CVE-2025-69020 WordPress Newsletters plugin <= 4.12 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Tribulant Software Newsletters newsletters-lite allows Stored XSS.This issue affects Newsletters: from n/a through = 4.12...

CVE-2025-69020

CVE-2025-69020 affects the WordPress Newsletters (Newsletters Lite) plugin, with vulnerable versions listed as Newsletters

CVE-2025-69020 WordPress Newsletters plugin <= 4.12 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Tribulant Software Newsletters newsletters-lite allows Stored XSS.This issue affects Newsletters: from n/a through = 4.12...

WordPress plugin Newsletters 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

WordPress Newsletters plugin <= 4.12 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Newsletters versions = 4.12...

CVE-2025-12348 Email Subscribers & Newsletters <= 5.9.10 - Missing Authentication to Unauthenticated Action Scheduler Task Execution

The Icegram Express - Email Subscribers, Newsletters and Marketing Automation Plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 5.9.10. This is due to the plugin not properly verifying that a user is authorized to perform an action in the...

CVE-2025-66055

Deserialization of Untrusted Data vulnerability in Icegram Email Subscribers & Newsletters email-subscribers allows Object Injection.This issue affects Email Subscribers & Newsletters: from n/a through = 5.9.10...

WordPress plugin Email Subscribers & Newsletters 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

WordPress Email Subscribers & Newsletters plugin <= 5.9.10 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin Email Subscribers & Newsletters versions = 5.9.10...

EUVD-2019-5580

Malware in sbrugna...

EUVD-2021-8157

Malicious code in bioql PyPI...

WordPress plugin Newsletters 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exist...

CVE-2025-54035

The CVE-2025-54035 issue is a CSRF vulnerability in Tribulant Software Newsletters (WordPress plugin), affecting versions up to 4.10. The public record notes CSRF exposure enabling unauthorized actions by authenticated users. Remediation per multiple sources is to update to a version later than 4...

CVE-2025-54035 WordPress Newsletters plugin <= 4.10 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery CSRF vulnerability in Tribulant Software Newsletters newsletters-lite allows Cross Site Request Forgery.This issue affects Newsletters: from n/a through = 4.10...

CVE-2025-54035 WordPress Newsletters plugin <= 4.10 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery CSRF vulnerability in Tribulant Software Newsletters newsletters-lite allows Cross Site Request Forgery.This issue affects Newsletters: from n/a through = 4.10...

WordPress plugin Newsletters 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...