627 matches found
Email Subscribers & Newsletters <= 5.3.1 - Authenticated SQL Injection
The Email Subscribers & Newsletters WordPress plugin before 5.3.2 does not correctly escape the order and orderby parameters to the ajaxfetchreportlist action, making it vulnerable to blind SQL injection attacks by users with roles as low as Subscriber. Further, it does not have any CSRF protecti...
WordPress Newsletters <= 4.13 - Unauthenticated SQL Injection
Newsletters WordPress plugin <= 4.13 contains a time-based SQL injection caused by insufficient escaping of the 'wpmlsubscriberid' parameter, letting unauthenticated attackers extract sensitive database information. id: CVE-2026-3018 info: name: WordPress Newsletters <= 4.13 - Unauthenticated SQL...
CVE-2026-11592
The CVE-2026-11592 entry concerns the WordPress plugin Email Subscribers & Newsletters (formerly “Email Marketing, Post Notifications & Newsletter”). It describes an authorization bypass vulnerability affecting all versions up to and including 5.9.27. The root cause is that the plugin fails to ve...
CVE-2026-11592 Email Subscribers & Newsletters <= 5.9.27 - Missing Authorization to Authenticated (Contributor+) Settings Modification via ig_es_handle_request AJAX Action
The Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.9.27. This is due to the plugin not properly verifying that a user is authorized to perfor...
WordPress Groundhogg — CRM, Newsletters, and Marketing Automation plugin <= 4.5.8 - Authenticated (Custom+) SQL Injection vulnerability
Authenticated Custom+ SQL Injection vulnerability discovered by PRISM in WordPress Plugin Groundhogg versions <= 4.5.8...
WordPress Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress plugin <= 5.9.27 - Missing Authorization to Authenticated (Contributor+) Settings Modification vulnerability
Missing Authorization to Authenticated Contributor+ Settings Modification vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Email Subscribers & Newsletters versions <= 5.9.27...
CVE-2026-57645
newsletterssubscribers Broken Access Control in Newsletters <= 4.13 versions...
CVE-2026-54840
Unauthenticated Broken Access Control in Newsletters <= 4.13 versions...
CVE-2026-57645 WordPress Newsletters plugin <= 4.13 - Broken Access Control vulnerability
newsletterssubscribers Broken Access Control in Newsletters <= 4.13 versions...
CVE-2026-57645
CVE-2026-57645 affects the WordPress Newsletters plugin (versions
EUVD-2026-39682
Unauthenticated Broken Access Control in Newsletters <= 4.13 versions...
CVE-2026-54840
The CVE-2026-54840 entry concerns WordPress Newsletters plugin, versions up to 4.13, with an unauthenticated broken access control flaw. The connected sources confirm the affected product and vulnerability class but do not specify exact vulnerable parameters, affected data, exploit methods, or re...
CVE-2026-54840 WordPress Newsletters plugin <= 4.13 - Broken Access Control vulnerability
Unauthenticated Broken Access Control in Newsletters <= 4.13 versions...
WordPress Newsletters plugin <= 4.13 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Prodigysec in WordPress Plugin Newsletters versions <= 4.13...
WordPress Newsletters plugin <= 4.13 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by HieuPenguinnn in WordPress Plugin Newsletters versions <= 4.13...
CVE-2026-3018
The Newsletters plugin for WordPress is vulnerable to time-based SQL Injection via the ‘wpmlsubscriberid’ parameter in all versions up to, and including, 4.13 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...
WordPress Newsletters plugin <= 4.13 - Unauthenticated SQL Injection vulnerability
Unauthenticated SQL Injection vulnerability discovered by wesley wcraft in WordPress Plugin Newsletters versions <= 4.13...
CVE-2026-3018
The WordPress Newsletters plugin (versions