cleantalk
Vulnerabilities and Security Researches

Newsletter – Send awesome emails from WordPress, CVE-2026-1051

CVE, Research URL

CVE-2026-1051

Home page URL

Security reports for Newsletter – Send awesome emails from WordPress

Application

Newsletter – Send awesome emails from WordPress

Published on
Jan 20, 2026
Research Description
The Newsletter – Send awesome emails from WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 9.1.0. This is due to missing or incorrect nonce validation on the hook_newsletter_action() function. This makes it possible for unauthenticated attackers to unsubscribe newsletter subscribers via a forged request granted they can trick a logged-in user into performing an action such as clicking on a link.
Affected versions
max 9.1.1.
Status
vulnerable
Previous vulnerability researches
Secure Copy Content Protection and Content Locking (CVE-2025-14159) , Jan 11, 2026
Secure Copy Content Protection and Content Locking (CVE-2025-14442) , Jan 11, 2026
Secure Copy Content Protection and Content Locking (CVE-2025-30905) , Apr 04, 2025
Secure Copy Content Protection and Content Locking (CVE-2025-1404) , Mar 02, 2025
Secure Copy Content Protection and Content Locking (CVE-2026-25335) , Feb 27, 2026
New vulnerability
Customer Reviews for WooCommerce (CVE-2026-1316) , Apr 15, 2026
WP Recipe Maker (CVE-2026-1558) , Apr 15, 2026
Page and Post Clone (CVE-2026-2893) , Apr 15, 2026
Greenshift – animation and page builder blocks (CVE-2026-2589) , Apr 15, 2026
Greenshift – animation and page builder blocks (CVE-2026-1927) , Apr 15, 2026