Fp Newsletter Security Vulnerabilities and Issues — Fp Newsletter CVE List

Lucene search

Fp Newsletter ProjectFp Newsletter

4 matches found

CVE•added 2025/06/09 6:15 a.m.•46 views

CVE-2025-3581

The Newsletter WordPress plugin before 8.8.5 does not validate and escape some of its Widget options before outputting them back in a page/post where the block is embed, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html...

4.8CVSS5.5AI score0.0004EPSS

CVE•added 2025/06/09 6:15 a.m.•43 views

CVE-2025-3582

The Newsletter WordPress plugin before 8.85 does not sanitise and escape some of its Form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

4.8CVSS5.4AI score0.0004EPSS

CVE•added 2025/05/05 6:15 a.m.•39 views

CVE-2025-3583

The Newsletter WordPress plugin before 8.7.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

4.8CVSS5.4AI score0.00046EPSS

CVE•added 2025/06/03 6:15 a.m.•37 views

CVE-2025-3584

The Newsletter WordPress plugin before 8.8.2 does not sanitise and escape some of its Subscription settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

4.8CVSS5.7AI score0.0004EPSS