Newsletter Vulnerabilities
The Newsletter WordPress plugin has 5 known security vulnerabilities. The most recent was disclosed on January 10, 2024. Check whether your site runs an affected version below.
View Newsletter on WordPress.orgSummary
Latest vulnerability disclosed on January 10, 2024.
Recommendation
WPSentry recommends installing with caution
Use Newsletter only with care. This plugin has a history of high-severity vulnerabilities — always run the latest version and monitor it for newly disclosed issues.
Is your site affected?
Run a free external scan to detect Newsletter and 35+ other WordPress security checks — no login or plugin required.
Known Newsletter vulnerabilities
- medium
Newsletter <= 8.0.6 - Cross-Site Request Forgery
Affected versions: <=8.0.6Disclosed January 10, 2024 - high
Newsletter <= 6.7.6 - Stored Cross-Site Scripting
Affected versions: <=6.7.6Disclosed July 12, 2020 - medium
Newsletter <= 6.5.3 - CSV Injection
Affected versions: <=6.5.3Disclosed March 16, 2020 - medium
Newsletter <= 3.8.2 - Open Redirect
Affected versions: <=3.8.2Disclosed March 30, 2015 - medium
Newsletter <= 3.2.6 - Reflected Cross-Site Scripting
Affected versions: <=3.2.6Disclosed May 14, 2013
How to stay protected
Update promptly
Keep Newsletter on its latest release — most vulnerabilities are fixed in newer versions.
Scan regularly
Run an external scan after every update to catch outdated or vulnerable software early.
Monitor continuously
Enable monitoring to get alerted the moment a new issue affects your stack.