MailPoet – Newsletters, Email Marketing, and Automation, PSC-2026-64629
- PSC, Research URL
- Published on
- Mar 17, 2026
- Research Description
- Email marketing plugins are high-value targets because they centralize subscriber data, campaign content, and automation logic inside WordPress, often alongside WooCommerce purchase signals and transactional email customization. That combination creates multiple security-sensitive surfaces: admin dashboards, form endpoints, stored templates that render HTML, scheduled jobs, and integrations with sending methods (SMTP/SES/SendGrid or vendor sending services). Weaknesses here commonly translate into stored XSS in templates/forms, CSRF-driven configuration changes, unauthorized access to subscriber lists, or leakage of integration metadata. MailPoet – Newsletters, Email Marketing, and Automation version 5.22.1 has successfully completed the CleanTalk Plugin Security Certification process and received PSC-2026-64629, confirming that the plugin was reviewed from a secure code perspective with attention to the most common exploitation paths for newsletter, automation, and WooCommerce email workflows.
- Affected versions
-
Min 5.22.2, max 5.22.2.
- Status
-
SAFE & CERTIFIED