
37 matches found

Cvelist
added 4 days ago · 29 views

CVE-2026-57645 WordPress Newsletters plugin <= 4.13 - Broken Access Control vulnerability

newsletterssubscribers Broken Access Control in Newsletters <= 4.13 versions...

CVSS 8.1 · EPSS 0.00189
Exploits: 0 · References: 1

CVE
added 4 days ago · 9 views

CVE-2026-57645

CVE-2026-57645 affects the WordPress Newsletters plugin (versions

CVSS 8.1 · AI score 5.8 · EPSS 0.00189
Exploits: 0 · References: 1

Cvelist
added 4 days ago · 30 views

CVE-2026-54840 WordPress Newsletters plugin <= 4.13 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Newsletters <= 4.13 versions...

CVSS 7.3 · EPSS 0.00213
Exploits: 0 · References: 1

CVE
added 4 days ago · 13 views

CVE-2026-54840

The CVE-2026-54840 entry concerns WordPress Newsletters plugin, versions up to 4.13, with an unauthenticated broken access control flaw. The connected sources confirm the affected product and vulnerability class but do not specify exact vulnerable parameters, affected data, exploit methods, or re...

CVSS 7.3 · AI score 5.8 · EPSS 0.00213
Exploits: 0 · References: 1

Patchstack
added 2026/06/18 1:14 p.m. · 4 views

WordPress Newsletters plugin <= 4.13 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by HieuPenguinnn in WordPress Plugin Newsletters versions <= 4.13...

CVSS 7.3 · AI score 5.8 · EPSS 0.00213
Exploits: 0 · Affected Software: 1

NVD
added 2026/06/10 10:16 a.m. · 17 views

CVE-2026-3018

The Newsletters plugin for WordPress is vulnerable to time-based SQL Injection via the ‘wpmlsubscriberid’ parameter in all versions up to, and including, 4.13 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

CVSS 7.5 · EPSS 0.01382
Exploits: 0 · References: 3

Positive Technologies
added 2026/06/10 12:00 a.m. · 13 views

PT-2026-48398

Name of the Vulnerable Software and Affected Versions: Newsletters plugin for WordPress versions prior to 4.14. Description: The plugin is susceptible to time-based SQL Injection, a technique where an attacker sends queries that force the database to wait a specific amount of time before responding,...

CVSS 7.5 · AI score 5.6 · EPSS 0.01382
Exploits: 0 · References: 7

VulnCheck KEV
added 2026/06/10 12:00 a.m. · 10 views

VulnCheck KEV: CVE-2026-3018

The Newsletters plugin for WordPress is vulnerable to time-based SQL Injection via the ‘wpmlsubscriberid’ parameter in all versions up to, and including, 4.13 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

CVSS 7.5 · AI score 5.8 · EPSS 0.01382
In wild · Exploits: 0 · References: 2

Vulnrichment
added 2026/01/08 9:17 a.m. · 3 views

CVE-2025-67911 WordPress Newsletters plugin <= 4.11 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in Tribulant Software Newsletters newsletters-lite allows Object Injection. This issue affects Newsletters: from n/a through <= 4.11...

CVSS 9.8 · AI score 6.6 · EPSS 0.00375
Exploits: 0 · References: 1

Cvelist
added 2026/01/08 9:17 a.m. · 25 views

CVE-2025-67911 WordPress Newsletters plugin <= 4.11 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in Tribulant Software Newsletters newsletters-lite allows Object Injection. This issue affects Newsletters: from n/a through <= 4.11...

CVSS 9.8 · EPSS 0.00375
Exploits: 0 · References: 1

CVE
added 2026/01/08 9:17 a.m. · 15 views

CVE-2025-67911

CVE-2025-67911 describes a Deserialization of Untrusted Data vulnerability in the Tribulant Software Newsletters newsletters-lite plugin. The WordPress/newsletters entry states unauthenticated Object Injection via deserialization, affecting Newsletters: from n/a through

CVSS 9.8 · AI score 6.6 · EPSS 0.00375
Exploits: 0 · References: 1

Cvelist
added 2025/12/30 10:47 a.m. · 22 views

CVE-2025-69020 WordPress Newsletters plugin <= 4.12 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Tribulant Software Newsletters newsletters-lite allows Stored XSS. This issue affects Newsletters: from n/a through <= 4.12...

CVSS 6.5 · EPSS 0.0013
Exploits: 0 · References: 1

CVE
added 2025/12/30 10:47 a.m. · 12 views

CVE-2025-69020

CVE-2025-69020 affects the WordPress Newsletters (Newsletters Lite) plugin, with vulnerable versions listed as Newsletters

CVSS 6.5 · AI score 5.6 · EPSS 0.0013
Exploits: 0 · References: 1

Cvelist
added 2025/08/20 8:02 a.m. · 8 views

CVE-2025-54034 WordPress Newsletters plugin <= 4.10 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Tribulant Software Newsletters newsletters-lite allows PHP Local File Inclusion. This issue affects Newsletters: from n/a through <= 4.10...

CVSS 7.5 · EPSS 0.00423
Exploits: 0 · References: 1

Vulnrichment
added 2025/08/20 8:02 a.m. · 2 views

CVE-2025-54034 WordPress Newsletters <= 4.10 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Tribulant Software Newsletters allows PHP Local File Inclusion. This issue affects Newsletters: from n/a through 4.10...

CVSS 7.5 · AI score 7.4 · EPSS 0.00423
Exploits: 0 · References: 1

Cvelist
added 2025/07/16 10:36 a.m. · 10 views

CVE-2025-54035 WordPress Newsletters plugin <= 4.10 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Tribulant Software Newsletters newsletters-lite allows Cross Site Request Forgery. This issue affects Newsletters: from n/a through <= 4.10...

CVSS 4.3 · EPSS 0.00128
Exploits: 0 · References: 1

CVE
added 2025/07/16 10:36 a.m. · 21 views

CVE-2025-54035

The CVE-2025-54035 issue is a CSRF vulnerability in Tribulant Software Newsletters (WordPress plugin), affecting versions up to 4.10. The public record notes CSRF exposure enabling unauthorized actions by authenticated users. Remediation per multiple sources is to update to a version later than 4...

CVSS 4.3 · AI score 5.9 · EPSS 0.00128
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/15 7:18 a.m. · 20 views

CVE-2025-3107

The Newsletters plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 4.9.9.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible...

CVSS 6.5 · AI score 7.4 · EPSS 0.0034
Exploits: 0 · References: 1

Positive Technologies
added 2025/05/13 12:00 a.m. · 3 views

PT-2025-20834 · WordPress · Newsletters

Name of the Vulnerable Software and Affected Versions: Newsletters plugin for WordPress versions up to and including 4.9.9.8 Description: The issue allows authenticated attackers with Contributor-level access or higher to inject additional SQL queries into existing ones, potentially extracting...

CVSS 6.5 · AI score 7.1 · EPSS 0.0034
Exploits: 0 · References: 8

Cvelist
added 2025/03/27 10:55 a.m. · 20 views

CVE-2025-30921 WordPress Newsletters plugin <= 4.9.9.7 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Tribulant Software Newsletters newsletters-lite allows SQL Injection. This issue affects Newsletters: from n/a through <= 4.9.9.7...

CVSS 7.6 · EPSS 0.00494
Exploits: 1 · References: 1