Newsletter – Send awesome emails from WordPress

Vulnerabilities 33Slug newsletterLatest version 9.2.5WordPress.org →

Minimum safe version

9.1.1

Update to 9.1.1 or later to address 33 fixable vulnerabilities

Latest available9.2.5 ✓

Medium 4.8

2025-06-09< 8.8.5

Newsletter <= 8.8.4 - Authenticated (Administrator+) Stored Cross-Site Scripting

EUVD Wordfence CVE

Medium 4.8

2025-06-09< 8.8.5

Newsletter <= 8.8.4 - Authenticated (Administrator+) Stored Cross-Site Scripting

EUVD Wordfence CVE

N/A

2026-01-19< 9.1.1

Newsletter – Send awesome emails from WordPress <= 9.1.0 - Cross-Site Request Forgery to Newsletter Unsubscription

Wordfence CVE

High 7.6

2025-12-16< 9.1.0

CVE-2025-67999

CVE Wordfence

Medium 4.8

2025-06-03< 8.8.2

Newsletter <= 8.8.1 - Authenticated (Admin+) Stored Cross-Site Scripting

EUVD Wordfence CVE

Medium 4.8

2025-05-05< 8.7.1

WordPress Newsletter Plugin < 8.7.1 is vulnerable to Cross Site Scripting (XSS)

Patchstack EUVD Wordfence CVE

Medium 6.1

2024-06-05< 8.3.5

CVE-2024-5317

CVE Wordfence Patchstack

Medium 5.4

2024-04-15< 8.0.7

CVE-2024-31434

CVE Wordfence Patchstack

Medium 5.3

2024-05-17< 8.2.1

CVE-2024-30522

CVE Wordfence Patchstack WPScan

N/A

2024-01-10< 8.0.7

Newsletter <= 8.0.6 - Cross-Site Request Forgery

Wordfence

Medium 5.4

2023-09-07< 7.9.0

CVE-2023-4772

CVE Patchstack Wordfence WPScan

N/A

< 3.0.9

Newsletter < 3.0.9 - SQL Injection

WPScan

N/A

< 3.2.7

Newsletter < 3.2.7 - Cross-Site Scripting (XSS)

WPScan

N/A

< 3.8.3

Newsletter 3.7.0 - Open Redirect

WPScan

N/A

< 6.5.4

Newsletter < 6.5.4 - CSV Injection

WPScan

N/A

< 6.7.7

Newsletter < 6.7.7 - Authenticated Stored Cross-Site Scripting

WPScan

Medium 6.1

2023-05-23< 7.6.9

CVE-2023-27922

CVE JVN WPScan

N/A

2023-03-29< 7.6.9

WordPress Newsletter Plugin <= 7.6.8 is vulnerable to Cross Site Scripting (XSS)

Patchstack

N/A

2023-03-27< 7.6.9

Newsletter <= 7.6.8 - Reflected Cross-Site Scripting

Wordfence

N/A

2013-05-14< 3.2.7

Newsletter <= 3.2.6 - Reflected Cross-Site Scripting

Wordfence

N/A

2015-03-30< 3.8.3

Newsletter <= 3.8.2 - Open Redirect

Wordfence

N/A

2020-03-16< 6.5.4

Newsletter <= 6.5.3 - CSV Injection

Wordfence

N/A

2020-07-12< 6.7.7

Newsletter <= 6.7.6 - Stored Cross-Site Scripting

Wordfence

N/A

2015-03-30< 3.8.3

WordPress Newsletter Plugin <= 3.7.0 - Open Redirection

Patchstack

Medium 4.8

2022-06-20< 7.4.6

CVE-2022-1889

CVE Wordfence WPScan

N/A

2022-05-17< 7.4.5

WordPress Newsletter plugin <= 7.4.4 - Reflected Cross-Site Scripting (XSS) vulnerability

Patchstack

N/A

2015-05-15< 3.2.7

WordPress Newsletter Plugin <= 3.2.6 - Cross Site Scripting

Patchstack

N/A

2015-10-18< 3.0.9

WordPress Newsletter Plugin <= 3.0.8 - SQL Injection

Patchstack

Medium 6.1

2022-07-25< 7.4.5

WordPress Plugin "Newsletter" vulnerable to cross-site scripting

JVN CVE Patchstack Wordfence WPScan

N/A

2020-07-12< 6.7.7

WordPress Newsletter plugin <= 6.7.6 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Patchstack

N/A

2021-03-16< 6.5.4

WordPress Newsletter plugin <= 6.5.3 - CSV Injection vulnerability

Patchstack

Medium 6.5

2021-01-01< 6.8.2

CVE-2020-35933

CVE Patchstack Wordfence WPScan

High 8.8

2021-01-01< 6.8.2

CVE-2020-35932

CVE Wordfence WPScan