cleantalk
Vulnerabilities and Security Researches

Newsletter – Send awesome emails from WordPress, CVE-2025-3581

CVE, Research URL

CVE-2025-3581

Home page URL

Security reports for Newsletter – Send awesome emails from WordPress

Application

Newsletter – Send awesome emails from WordPress

Published on
Jun 09, 2025
Research Description
The Newsletter WordPress plugin before 8.8.5 does not validate and escape some of its Widget options before outputting them back in a page/post where the block is embed, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
Affected versions
max 8.8.5.
Status
vulnerable
Previous vulnerability researches
WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts (CVE-2025-3100) , Apr 09, 2025
WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts (CVE-2025-58269) , Apr 24, 2026
WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts (CVE-2023-40003) , Jun 10, 2024
WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts (CVE-2024-10174) , Nov 13, 2024
WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts (CVE-2023-3636) , Jun 07, 2024
New vulnerability
Kikote – Location Picker at Checkout & Google Address AutoFill Plugin for WooCommerce (CVE-2023-33999) , Jun 14, 2026
J Cart Upsell and Cross-sell for WooCommerce (CVE-2023-33999) , Jun 14, 2026
Super Testimonials (CVE-2024-38344) , Jun 14, 2026
AI Engine (CVE-2026-23802) , Jun 14, 2026
Accordion and Accordion Slider (CVE-2023-40200) , Jun 14, 2026