626 matches found
CVE-2026-11592
The CVE-2026-11592 entry concerns the WordPress plugin Email Subscribers & Newsletters (formerly “Email Marketing, Post Notifications & Newsletter”). It describes an authorization bypass vulnerability affecting all versions up to and including 5.9.27. The root cause is that the plugin fails to ve...
WordPress Groundhogg — CRM, Newsletters, and Marketing Automation plugin <= 4.5.8 - Authenticated (Custom+) SQL Injection vulnerability
Authenticated Custom+ SQL Injection vulnerability discovered by PRISM in WordPress Plugin Groundhogg versions <= 4.5.8...
WordPress Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress plugin <= 5.9.27 - Missing Authorization to Authenticated (Contributor+) Settings Modification vulnerability
Missing Authorization to Authenticated Contributor+ Settings Modification vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Email Subscribers & Newsletters versions <= 5.9.27...
Email Subscribers & Newsletters <= 5.3.1 - Authenticated SQL Injection
The Email Subscribers & Newsletters WordPress plugin before 5.3.2 does not correctly escape the order and orderby parameters to the ajax_fetch_report_list action, making it vulnerable to blind SQL injection attacks by users with roles as low as Subscriber. Further, it does not have any CSRF protecti...
WordPress Newsletters <= 4.13 - Unauthenticated SQL Injection
Newsletters WordPress plugin <= 4.13 contains a time-based SQL injection caused by insufficient escaping of the 'wpmlsubscriber_id' parameter, letting unauthenticated attackers extract sensitive database information. id: CVE-2026-3018 info: name: WordPress Newsletters <= 4.13 - Unauthenticated SQL...
CVE-2026-57645
newsletterssubscribers Broken Access Control in Newsletters <= 4.13 versions...
CVE-2026-54840
Unauthenticated Broken Access Control in Newsletters <= 4.13 versions...
CVE-2026-57645 WordPress Newsletters plugin <= 4.13 - Broken Access Control vulnerability
newsletterssubscribers Broken Access Control in Newsletters <= 4.13 versions...
CVE-2026-57645
CVE-2026-57645 affects the WordPress Newsletters plugin (versions
EUVD-2026-39682
Unauthenticated Broken Access Control in Newsletters <= 4.13 versions...
CVE-2026-54840
The CVE-2026-54840 entry concerns WordPress Newsletters plugin, versions up to 4.13, with an unauthenticated broken access control flaw. The connected sources confirm the affected product and vulnerability class but do not specify exact vulnerable parameters, affected data, exploit methods, or re...
CVE-2026-54840 WordPress Newsletters plugin <= 4.13 - Broken Access Control vulnerability
Unauthenticated Broken Access Control in Newsletters <= 4.13 versions...
WordPress Newsletters plugin <= 4.13 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Prodigysec in WordPress Plugin Newsletters versions <= 4.13...
WordPress Newsletters plugin <= 4.13 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by HieuPenguinnn in WordPress Plugin Newsletters versions <= 4.13...
CVE-2026-3018
The Newsletters plugin for WordPress is vulnerable to time-based SQL Injection via the ‘wpmlsubscriber_id’ parameter in all versions up to, and including, 4.13 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...
WordPress Newsletters plugin <= 4.13 - Unauthenticated SQL Injection vulnerability
Unauthenticated SQL Injection vulnerability discovered by wesley wcraft in WordPress Plugin Newsletters versions <= 4.13...
CVE-2026-3018
The WordPress Newsletters plugin (versions
CVE-2026-3018 Newsletters <= 4.13 - Unauthenticated SQL Injection via wpmlsubscriber_id Parameter
The Newsletters plugin for WordPress is vulnerable to time-based SQL Injection via the ‘wpmlsubscriber_id’ parameter in all versions up to, and including, 4.13 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...