MailPoet – Newsletters, Email Marketing, and Automation, PSC-2026-64647
- PSC, Research URL
- Published on
- Apr 24, 2026
- Research Description
- Email marketing plugins operate across several high-risk boundaries in WordPress because they combine subscriber data handling, admin-side campaign management, form collection and segmentation, scheduled and automated sending logic, and in some deployments external delivery infrastructure. Weaknesses in this class of plugin can lead to stored XSS in administrative interfaces, unauthorized access to subscriber information, misuse of automation workflows, or abuse of privileged settings that affect site communications and user trust. MailPoet version 5.23.2 has successfully completed the CleanTalk Plugin Security Certification process and received PSC-2026-64647, confirming that the plugin was reviewed from a secure code perspective with attention to the most common exploitation paths for newsletter, subscriber management, email automation, and WooCommerce email plugins.
- Affected versions
-
Min 5.23.2, max 5.23.2.
- Status
-
SAFE & CERTIFIED