cleantalk
Vulnerabilities and Security Researches

Newsletter – Send awesome emails from WordPress, CVE-2026-1051

CVE, Research URL

CVE-2026-1051

Home page URL

Security reports for Newsletter – Send awesome emails from WordPress

Application

Newsletter – Send awesome emails from WordPress

Published on
Jan 20, 2026
Research Description
The Newsletter – Send awesome emails from WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 9.1.0. This is due to missing or incorrect nonce validation on the hook_newsletter_action() function. This makes it possible for unauthenticated attackers to unsubscribe newsletter subscribers via a forged request granted they can trick a logged-in user into performing an action such as clicking on a link.
Affected versions
max 9.1.1.
Status
vulnerable
Previous vulnerability researches
Germanized for WooCommerce (c7f8732ffdd5f3947de85d9aaed3c63d7a44299e) , Jun 07, 2024
Germanized for WooCommerce (CVE-2026-2582) , Apr 14, 2026
New vulnerability
Customer Reviews for WooCommerce (CVE-2026-1316) , Apr 15, 2026
WP Recipe Maker (CVE-2026-1558) , Apr 15, 2026
Page and Post Clone (CVE-2026-2893) , Apr 15, 2026
Greenshift – animation and page builder blocks (CVE-2026-2589) , Apr 15, 2026
Greenshift – animation and page builder blocks (CVE-2026-1927) , Apr 15, 2026