cleantalk
Vulnerabilities and Security Researches

Simple Newsletter Plugin – Noptin, CVE-2021-25033

CVE, Research URL

CVE-2021-25033

Home page URL

Security reports for Simple Newsletter Plugin – Noptin

Application

Simple Newsletter Plugin – Noptin

Published on
Feb 14, 2022
Research Description
The WordPress Newsletter Plugin WordPress plugin before 1.6.5 does not validate the to parameter before redirecting the user to its given value, leading to an open redirect issue
Affected versions
max 1.6.5.
Status
vulnerable
Previous vulnerability researches
Simple Newsletter Plugin – Noptin (CVE-2024-37456) , Jul 04, 2024
Simple Newsletter Plugin – Noptin (CVE-2025-49871) , Jun 16, 2025
Simple Newsletter Plugin – Noptin (CVE-2022-46803) , Jun 06, 2024
Simple Newsletter Plugin – Noptin (CVE-2021-25033) , Jun 06, 2024
New vulnerability
GitHub Gist Shortcode Plugin (CVE-2025-12667) , Dec 12, 2025
Cryptocurrency Payment Gateway for WooCommerce (CVE-2025-12392) , Dec 12, 2025
Wbcom Designs – Private Community for BuddyPress (CVE-2025-67582) , Dec 12, 2025
WP-Walla (CVE-2025-12589) , Dec 12, 2025
Master Addons for Elementor (CVE-2025-63055) , Dec 12, 2025