Thenewsletterplugin Newsletter
10 CVEs affecting Thenewsletterplugin Newsletter. Latest disclosed: 2025-06-09. Critical: 0, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2020-35933 | Medium | 6.5 | 2021-01-01 | A Reflected Authenticated Cross-Site Scripting (XSS) vulnerability in the Newsletter plugin before 6.8.2 for WordPress allows remote attackers to trick a victi… |
| CVE-2024-5317 | Medium | 6.4 | 2024-06-05 | The Newsletter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'np1' parameter in all versions up to, and including, 8.3.4 due to ins… |
| CVE-2023-4772 | Medium | 6.4 | 2023-09-07 | The Newsletter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'newsletter_form' shortcode in versions up to, and including, 7.8.9 du… |
| CVE-2023-27922 | Medium | 6.1 | 2023-05-23 | Cross-site scripting vulnerability in Newsletter versions prior to 7.6.9 allows a remote unauthenticated attacker to inject an arbitrary script. |
| CVE-2022-1756 | Medium | 6.1 | 2022-06-13 | The Newsletter WordPress plugin before 7.4.5 does not sanitize and escape the $_SERVER['REQUEST_URI'] before echoing it back in admin pages. Although this uses… |
| CVE-2025-3582 | Medium | 4.8 | 2025-06-09 | The Newsletter WordPress plugin before 8.85 does not sanitise and escape some of its Form settings, which could allow high privilege users such as admin to pe… |
| CVE-2025-3581 | Medium | 4.8 | 2025-06-09 | The Newsletter WordPress plugin before 8.8.5 does not validate and escape some of its Widget options before outputting them back in a page/post where the bloc… |
| CVE-2025-3584 | Medium | 4.8 | 2025-06-03 | The Newsletter WordPress plugin before 8.8.2 does not sanitise and escape some of its Subscription settings, which could allow high privilege users such as ad… |
| CVE-2025-3583 | Medium | 4.8 | 2025-05-05 | The Newsletter WordPress plugin before 8.7.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perfor… |
| CVE-2022-1889 | Medium | 4.8 | 2022-06-20 | The Newsletter WordPress plugin before 7.4.6 does not escape and sanitise the preheader_text setting, which could allow high privilege users to perform Stored… |