Thenewsletterplugin Newsletter

10 CVEs affecting Thenewsletterplugin Newsletter. Latest disclosed: 2025-06-09. Critical: 0, High: 0.

Top CVEs affecting Thenewsletterplugin Newsletter
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2020-35933 | Medium | 6.5 | 2021-01-01 | A Reflected Authenticated Cross-Site Scripting (XSS) vulnerability in the Newsletter plugin before 6.8.2 for WordPress allows remote attackers to trick a victi… |
| CVE-2024-5317 | Medium | 6.4 | 2024-06-05 | The Newsletter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'np1' parameter in all versions up to, and including, 8.3.4 due to ins… |
| CVE-2023-4772 | Medium | 6.4 | 2023-09-07 | The Newsletter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'newsletter_form' shortcode in versions up to, and including, 7.8.9 du… |
| CVE-2023-27922 | Medium | 6.1 | 2023-05-23 | Cross-site scripting vulnerability in Newsletter versions prior to 7.6.9 allows a remote unauthenticated attacker to inject an arbitrary script. |
| CVE-2022-1756 | Medium | 6.1 | 2022-06-13 | The Newsletter WordPress plugin before 7.4.5 does not sanitize and escape the $_SERVER['REQUEST_URI'] before echoing it back in admin pages. Although this uses… |
| CVE-2025-3582 | Medium | 4.8 | 2025-06-09 | The Newsletter WordPress plugin before 8.85 does not sanitise and escape some of its Form settings, which could allow high privilege users such as admin to pe… |
| CVE-2025-3581 | Medium | 4.8 | 2025-06-09 | The Newsletter WordPress plugin before 8.8.5 does not validate and escape some of its Widget options before outputting them back in a page/post where the bloc… |
| CVE-2025-3584 | Medium | 4.8 | 2025-06-03 | The Newsletter WordPress plugin before 8.8.2 does not sanitise and escape some of its Subscription settings, which could allow high privilege users such as ad… |
| CVE-2025-3583 | Medium | 4.8 | 2025-05-05 | The Newsletter WordPress plugin before 8.7.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perfor… |
| CVE-2022-1889 | Medium | 4.8 | 2022-06-20 | The Newsletter WordPress plugin before 7.4.6 does not escape and sanitise the preheader_text setting, which could allow high privilege users to perform Stored… |