SendPress Newsletters

Vulnerabilities 13Slug sendpressLatest version 1.26.1.20WordPress.org →

Minimum safe version

1.24.8.19

Update to 1.24.8.19 or later to address 8 fixable vulnerabilities

Latest available1.26.1.20 ⚠ 5 vulnerabilities have no fix
Medium 6.1 Unfixed
2024-04-08≤ 1.23.11.6

SendPress Newsletters <= 1.23.11.6 - Admin+ Stored XSS via Form Settings

CVEWPScan
Medium 6.8 Unfixed
2024-04-08≤ 1.23.11.6

SendPress Newsletters <= 1.23.11.6 - Admin+ Stored XSS via Settings

CVEWPScan
Medium 5.4
2024-12-13< 1.23.11.6

WordPress SendPress Newsletters Plugin <= 1.22.3.31 is vulnerable to Cross Site Scripting (XSS)

PatchstackCVEWordfenceWPScan
N/A
< 1.20.7.13

SendPress Newsletter &lt; 1.20.7.13 - Authenticated Stored Cross-Site Scripting (XSS)

WPScan
N/A
2015-07-23< 1.2

SendPress Newsletters < 1.2 - Cross-Site Scripting

Wordfence
N/A
2020-07-13< 1.20.7.13

SendPress Newsletters < 1.20.7.13 - Authenticated Stored Cross-Site Scripting

Wordfence
N/A
2015-07-23< 1.2

WordPress SendPress Plugin <= 1.1.7.21 - Authenticated SQL Injection

Patchstack
N/A
2020-07-13< 1.20.7.13

WordPress SendPress Newsletters plugin <= 1.20.7.10 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Patchstack