cleantalk
Vulnerabilities and Security Researches

Newsletter – Send awesome emails from WordPress, CVE-2022-1889

CVE, Research URL

CVE-2022-1889

Home page URL

Security reports for Newsletter – Send awesome emails from WordPress

Application

Newsletter – Send awesome emails from WordPress

Published on
Jun 20, 2022
Research Description
The Newsletter WordPress plugin before 7.4.6 does not escape and sanitise the preheader_text setting, which could allow high privilege users to perform Stored Cross-Site Scripting attacks when the unfilteredhtml is disallowed
Affected versions
Min -, max 7.6.9.
Status
vulnerable
Previous vulnerability researches
ENL Newsletter (CVE-2014-4939) , Jun 10, 2024
ENL Newsletter (CVE-2024-3060) , Jun 10, 2024
ENL Newsletter (CVE-2024-3058) , Jun 10, 2024
ENL Newsletter (CVE-2024-3059) , Jun 10, 2024
WP Newsletter Subscription (CVE-2024-44012) , Sep 28, 2024
New vulnerability
CarDealerPress (CVE-2025-3860) , May 08, 2025
Crossword Compiler Puzzles (CVE-2025-46493) , May 08, 2025
Frontend Dashboard (CVE-2025-4104) , May 08, 2025
Icegram Express – Email Marketing, Newsletters and Automation for WordPress & WooCommerce (CVE-2025-0671) , May 08, 2025
Pods – Custom Content Types and Fields (CVE-2025-1446) , May 08, 2025