Does Newsletters have any unpatched vulnerabilities?

No. All known vulnerabilities in Newsletters have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Newsletters compatible with WordPress 6.9.4?

According to WordPress.org data, Newsletters 4.13 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

How often is Newsletters updated?

Newsletters was last updated on Feb 3, 2026. Frequent updates are generally a positive security signal.

What is Newsletters's security score?

Newsletters has a WP-Safety security score of 76/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Newsletters Security & Risk Analysis

wordpress.org/plugins/newsletters-lite

Newsletter plugin for WordPress to capture subscribers and send beautiful, bulk newsletter emails.

2K active installs v4.13 PHP + WP 3.8+ Updated Feb 3, 2026

bulk-emailemailmailing-listnewsletterssubscribers

B · Generally Safe

CVEs total26

Unpatched0

Last CVEDec 31, 2025

Plugin page Download

Safety Verdict

Is Newsletters Safe to Use in 2026?

Mostly Safe

Score 76/100

Newsletters is generally safe to use. 26 past CVEs were resolved. Keep it updated.

26 known CVEsLast CVE: Dec 31, 2025Updated 1mo ago

Risk Assessment

The "newsletters-lite" plugin version 4.13 presents a mixed security posture. On one hand, it demonstrates good practices in its handling of SQL queries, with 91% using prepared statements, and a high percentage of output escaping (84%). The presence of capability checks and nonce checks, albeit limited, also indicates an awareness of security principles. However, significant concerns arise from the substantial attack surface, particularly the 79 unprotected AJAX handlers. This large number of entry points without proper authentication or authorization mechanisms is a primary risk factor.

The static analysis highlights the use of dangerous functions like 'unserialize', which can be exploited if user input is not properly sanitized, and a taint analysis revealed a high-severity flow with unsanitized paths. The plugin's history of 26 known CVEs, including critical and high-severity vulnerabilities such as deserialization, RFI, SQL injection, and XSS, is a major red flag. While there are currently no unpatched CVEs, this extensive history suggests a pattern of introducing vulnerabilities, even if they are subsequently addressed. The last reported vulnerability date is also unusually far in the future, which may indicate a data anomaly.

In conclusion, while the plugin shows some good coding practices, the combination of a large unprotected attack surface, the presence of dangerous functions, and a history of numerous critical and high-severity vulnerabilities necessitates a cautious approach. The plugin is at a moderate to high risk due to the potential for exploitation of its numerous unprotected AJAX handlers and the historical propensity for serious security flaws.

Key Concerns

Large unprotected AJAX attack surface
Use of dangerous function: unserialize
High severity taint flow found
Vulnerability history: 2 critical CVEs
Vulnerability history: 6 high CVEs
Vulnerability history: 18 medium CVEs
Limited nonce checks
Bundled outdated library: Guzzle v1.1

Vulnerabilities

Newsletters Security Vulnerabilities

CVEs by Year

2 CVEs in 2017

2017

1 CVE in 2018

2018

2 CVEs in 2019

2019

2 CVEs in 2023

2023

10 CVEs in 2024

2024

9 CVEs in 2025

2025

Patched Has unpatched

Severity Breakdown

Critical

High

Medium

26 total CVEs

CVE-2025-67911high · 8.1Deserialization of Untrusted Data

Newsletters <= 4.11 - Unauthenticated PHP Object Injection

Dec 31, 2025 Patched in 4.12 (15d)

CVE-2025-69020medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Newsletters <= 4.12 - Authenticated (Contributor+) Stored Cross-Site Scripting

Dec 28, 2025 Patched in 4.13 (41d)

CVE-2025-54034high · 8.1Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

Newsletters <= 4.10 - Unauthenticated Local File Inclusion

Jul 29, 2025 Patched in 4.11 (7d)

CVE-2025-54035medium · 4.3Cross-Site Request Forgery (CSRF)

Newsletters <= 4.10 - Cross-Site Request Forgery

Jul 16, 2025 Patched in 4.11 (6d)

CVE-2025-4857high · 7.2Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Newsletters <= 4.9.9.9 - Authenticated (Administrator+) Local File Inclusion

May 30, 2025 Patched in 4.10 (1d)

CVE-2025-3107medium · 6.5Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Newsletters <= 4.9.9.8 - Authenticated (Contributor+) SQL Injection orderby Parameter

May 12, 2025 Patched in 4.9.9.9 (1d)

CVE-2025-30921medium · 4.9Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Newsletters <= 4.9.9.7 - Authenticated (Administrator+) SQL Injection

Mar 27, 2025 Patched in 4.9.9.8 (8d)

CVE-2025-2009high · 7.2Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Newsletters <= 4.9.9.7 - Unauthenticated Stored Cross-Site Scripting

Mar 25, 2025 Patched in 4.9.9.8 (1d)

CVE-2024-13739medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Newsletters <= 4.9.9.7 - Reflected Cross-Site Scripting via To Parameter

Mar 21, 2025 Patched in 4.9.9.8 (1d)

CVE-2025-24599medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Newsletters <= 4.9.9.6 - Reflected Cross-Site Scripting

Dec 26, 2024 Patched in 4.9.9.7 (63d)

CVE-2024-10181medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Newsletters <= 4.9.9.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via newsletters_video Shortcode

Oct 28, 2024 Patched in 4.9.9.5 (1d)

CVE-2024-47346medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Newsletters <= 4.9.9.1 - Reflected Cross-Site Scripting

Sep 27, 2024 Patched in 4.9.9.2 (7d)

CVE-2024-8247high · 8.8Improper Privilege Management

Newsletters <= 4.9.9.2 - Authenticated Privilege Escalation

Sep 5, 2024 Patched in 4.9.9.3 (1d)

CVE-2024-43279medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Newsletters <= 4.9.8 - Reflected Cross-Site Scripting

Aug 16, 2024 Patched in 4.9.9 (7d)

CVE-2024-7411medium · 5.3Exposure of Sensitive Information to an Unauthorized Actor

Newsletters <= 4.9.9 - Unauthenticated Full Path Disclosure

Aug 14, 2024 Patched in 4.9.9.1 (1d)

CVE-2024-37227medium · 4.3Cross-Site Request Forgery (CSRF)

Newsletters <= 4.9.7 - Cross-Site Request Forgery

Jun 21, 2024 Patched in 4.9.8 (7d)

CVE-2024-35718medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Newsletters <= 4.9.5 - Reflected Cross-Site Scripting

Jun 6, 2024 Patched in 4.9.6 (8d)

CVE-2024-32953medium · 5.3Insertion of Sensitive Information into Log File

Newsletters <= 4.9.5 - Information Exposure via Log files

Apr 22, 2024 Patched in 4.9.6 (8d)

CVE-2024-32954critical · 9.1Unrestricted Upload of File with Dangerous Type

Newsletters <= 4.9.5 - Authenticated (Admin+) Arbitrary File Upload

Apr 22, 2024 Patched in 4.9.6 (8d)

CVE-2023-4797medium · 6.6Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Newsletter Lite <= 4.9.2 - Authenticated (Admin+) Command Injection

Oct 5, 2023 Patched in 4.9.3 (126d)

CVE-2023-30478medium · 5.4Cross-Site Request Forgery (CSRF)

Newsletters <= 4.8.8 - Cross-Site Request Forgery

Apr 13, 2023 Patched in 4.8.9 (365d)

CVE-2019-14788high · 8.8Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Newsletters <= 4.6.18 - Directory Traversal

Jul 1, 2019 Patched in 4.6.19 (1873d)

CVE-2019-14787medium · 5.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Newsletters <= 4.6.18 - Cross-Site Scripting via contentarea Parameter

Jul 1, 2019 Patched in 4.6.19 (1667d)

CVE-2018-20987critical · 9.8Deserialization of Untrusted Data

Newsletters <= 4.6.8.5 - Object Injection

Mar 12, 2018 Patched in 4.6.8.6 (2143d)

WF-5cba7026-04e4-4ace-9298-0177902b7529-newsletters-litemedium · 5.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Newsletters <= 4.6.4.2 - Reflected Cross-Site Scripting

May 29, 2017 Patched in 4.6.5.3 (2430d)

WF-8e0e6fdd-49d2-404a-83e8-c4884bbe7088-newsletters-litemedium · 4.9Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Newsletters <= 4.6.4.2 - Directory Traversal

May 29, 2017 Patched in 4.6.4.3 (2430d)

Code Analysis

Analyzed Mar 16, 2026

Newsletters Code Analysis

Dangerous Functions

Raw SQL Queries

176 prepared

Unescaped Output

1318

7008 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

unserializeextract(unserialize($partial));vendors\dkim\Crypt\RSA.php:548

unserialize<?php $date = @unserialize($subscriber -> {$field -> slug}); ?>views\admin\subscribers\view.php:133

Bundled Libraries

Select2TinyMCEGuzzle1.1

SQL Query Safety

91% prepared194 total queries

Output Escaping

84% escaped8326 total outputs

Data Flows

29 unsanitized

Data Flow Analysis

25 flows29 with unsanitized paths

<loop> (views\admin\orders\loop.php:0)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

79 unprotected

Newsletters Attack Surface

Entry Points99

Unprotected79

AJAX Handlers 79

authwp_ajax_wpmlserialkeyincludes\checkinit.php:17

authwp_ajax_newsletters_importfileincludes\checkinit.php:188

authwp_ajax_newsletters_importmediaincludes\checkinit.php:189

authwp_ajax_newsletters_forms_createformincludes\checkinit.php:194

authwp_ajax_newsletters_forms_addfieldincludes\checkinit.php:195

authwp_ajax_newsletters_forms_deletefieldincludes\checkinit.php:196

authwp_ajax_newsletters_admin_modeincludes\checkinit.php:198

authwp_ajax_newsletters_change_themefolderincludes\checkinit.php:199

authwp_ajax_newsletters_delete_optionincludes\checkinit.php:200

authwp_ajax_newsletters_pause_queueincludes\checkinit.php:201

authwp_ajax_newsletters_autocomplete_historiesincludes\checkinit.php:202

authwp_ajax_newsletters_autocomplete_usersincludes\checkinit.php:203

authwp_ajax_newsletters_load_new_editorincludes\checkinit.php:204

authwp_ajax_newsletters_latestposts_saveincludes\checkinit.php:205

authwp_ajax_newsletters_latestposts_changestatusincludes\checkinit.php:206

authwp_ajax_newsletters_latestposts_settingsincludes\checkinit.php:207

authwp_ajax_newsletters_latestposts_deleteincludes\checkinit.php:208

authwp_ajax_newsletters_latestposts_clearhistoryincludes\checkinit.php:209

authwp_ajax_newsletters_mailinglist_saveincludes\checkinit.php:211

authwp_ajax_newsletters_get_countryincludes\checkinit.php:212

authwp_ajax_newsletters_order_fieldsincludes\checkinit.php:214

authwp_ajax_newsletters_themeeditincludes\checkinit.php:215

authwp_ajax_newsletters_deletecontentareaincludes\checkinit.php:216

authwp_ajax_newsletters_subscribercountdisplayincludes\checkinit.php:218

authwp_ajax_wpmltestsettingsincludes\checkinit.php:219

authwp_ajax_newsletters_mailapi_amazonses_actionincludes\checkinit.php:220

authwp_ajax_newsletters_mailapi_mailgun_actionincludes\checkinit.php:221

authwp_ajax_newsletters_mailapi_mandrill_keytestincludes\checkinit.php:222

authwp_ajax_wpmldkimwizardincludes\checkinit.php:223

authwp_ajax_wpmltestbouncesettingsincludes\checkinit.php:224

authwp_ajax_wpmlhistoryiframeincludes\checkinit.php:225

authwp_ajax_newsletters_history_downloadincludes\checkinit.php:226

authwp_ajax_subscribercountincludes\checkinit.php:227

authwp_ajax_subscribercount_blockeditorincludes\checkinit.php:228

authwp_ajax_newsletters_autosaveincludes\checkinit.php:229

authwp_ajax_newsletter_drag_and_drop_builder_saveincludes\checkinit.php:230

authwp_ajax_newsletters_autosave_blockeditorincludes\checkinit.php:231

authwp_ajax_newsletters_spamscore_blockeditorincludes\checkinit.php:234

authwp_ajax_newsletters_gaugeincludes\checkinit.php:235

authwp_ajax_wpmllatestposts_previewincludes\checkinit.php:236

authwp_ajax_newsletters_lpspostsincludes\checkinit.php:237

authwp_ajax_newsletters_delete_lps_postincludes\checkinit.php:238

authwp_ajax_wpmlwelcomestatsincludes\checkinit.php:239

authwp_ajax_newsletters_executemultipleincludes\checkinit.php:240

authwp_ajax_newsletters_queuemultipleincludes\checkinit.php:241

authwp_ajax_wpmlsetvariablesincludes\checkinit.php:242

authwp_ajax_newsletters_getpostsincludes\checkinit.php:243

authwp_ajax_newsletters_api_newkeyincludes\checkinit.php:244

authwp_ajax_newsletters_get_templateincludes\checkinit.php:245

authwp_ajax_newsletters_dismissed_noticeincludes\checkinit.php:253

authwp_ajax_newsletters_dismiss_forever_noticeincludes\checkinit.php:254

authwp_ajax_newsletters_apiincludes\checkinit.php:256

noprivwp_ajax_newsletters_apiincludes\checkinit.php:257

authwp_ajax_wpmlsubscribeincludes\checkinit.php:258

noprivwp_ajax_wpmlsubscribeincludes\checkinit.php:259

authwp_ajax_newsletters_managementactivateincludes\checkinit.php:260

noprivwp_ajax_newsletters_managementactivateincludes\checkinit.php:261

authwp_ajax_managementsubscribeincludes\checkinit.php:262

noprivwp_ajax_managementsubscribeincludes\checkinit.php:263

authwp_ajax_managementcurrentsubscriptionsincludes\checkinit.php:264

noprivwp_ajax_managementcurrentsubscriptionsincludes\checkinit.php:265

authwp_ajax_managementnewsubscriptionsincludes\checkinit.php:266

noprivwp_ajax_managementnewsubscriptionsincludes\checkinit.php:267

authwp_ajax_managementsavefieldsincludes\checkinit.php:268

noprivwp_ajax_managementsavefieldsincludes\checkinit.php:269

authwp_ajax_managementcustomfieldsincludes\checkinit.php:270

noprivwp_ajax_managementcustomfieldsincludes\checkinit.php:271

authwp_ajax_newsletters_importmultipleincludes\checkinit.php:272

authwp_ajax_newsletters_exportmultipleincludes\checkinit.php:273

authwp_ajax_wpmlgetlistfieldsincludes\checkinit.php:274

noprivwp_ajax_wpmlgetlistfieldsincludes\checkinit.php:275

authwp_ajax_newsletters_builderonincludes\checkinit.php:276

authwp_ajax_newsletters_get_post_type_categoriesincludes\checkinit.php:277

authwp_ajax_newsletters_posts_by_categoryincludes\checkinit.php:278

authwp_ajax_newsletters_template_iframeincludes\checkinit.php:279

authwp_ajax_newsletters_form_previewincludes\checkinit.php:280

authwp_ajax_newsletters_builderonincludes\checkinit.php:281

authwp_ajax_newsletters_apiwp-mailinglist-api.php:324

noprivwp_ajax_newsletters_apiwp-mailinglist-api.php:325

Shortcodes 20

[newsletters_video] includes\checkinit.php:159

[newsletters_bloginfo] includes\checkinit.php:160

[newsletters_pluginurl] includes\checkinit.php:161

[newsletters_management] includes\checkinit.php:162

[newsletters_subscribe] includes\checkinit.php:163

[newsletters_subscribe_link] includes\checkinit.php:164

[newsletters_authenticate] includes\checkinit.php:165

[newsletters_activate] includes\checkinit.php:166

[newsletters_template] includes\checkinit.php:167

[newsletters_snippet] includes\checkinit.php:168

[newsletters_history] includes\checkinit.php:169

[newsletters_meta] includes\checkinit.php:170

[newsletters_date] includes\checkinit.php:171

[newsletters_post] includes\checkinit.php:172

[newsletters_sendas] includes\checkinit.php:173

[newsletters_posts] includes\checkinit.php:174

[newsletters_post_permalink] includes\checkinit.php:175

[newsletters_subscriberscount] includes\checkinit.php:176

[newsletters_woocommerce_products] includes\checkinit.php:177

[newsletters_if] includes\checkinit.php:186

WordPress Hooks 105

filterexcerpt_lengthhelpers\shortcode.php:867

filterexcerpt_morehelpers\shortcode.php:868

filterpost_password_requiredhelpers\shortcode.php:869

filterthe_content_more_linkhelpers\shortcode.php:870

filterexcerpt_lengthhelpers\shortcode.php:928

filterexcerpt_morehelpers\shortcode.php:929

filterpost_password_requiredhelpers\shortcode.php:930

filterthe_content_more_linkhelpers\shortcode.php:931

actionadmin_enqueue_scriptsincludes\checkinit.php:23

actionadmin_enqueue_scriptsincludes\checkinit.php:24

actionadmin_noticesincludes\checkinit.php:25

actioninitincludes\checkinit.php:26

actionadmin_menuincludes\checkinit.php:27

filtermedia_send_to_editorincludes\checkinit.php:42

filterattachment_fields_to_saveincludes\checkinit.php:43

filterattachment_fields_to_editincludes\checkinit.php:44

actionregister_formincludes\checkinit.php:50

actionadmin_menuincludes\checkinit.php:51

actionadmin_menuincludes\checkinit.php:52

actionadmin_headincludes\checkinit.php:53

actionadmin_head-index.phpincludes\checkinit.php:54

filterset-screen-optionincludes\checkinit.php:55

actionwidgets_initincludes\checkinit.php:56

actionwp_headincludes\checkinit.php:57

actionwp_footerincludes\checkinit.php:58

actionadmin_footerincludes\checkinit.php:59

actiondelete_userincludes\checkinit.php:60

actionuser_registerincludes\checkinit.php:61

actionsave_postincludes\checkinit.php:62

actiondelete_postincludes\checkinit.php:63

actiontrashed_postincludes\checkinit.php:64

actioninitincludes\checkinit.php:65

actioninitincludes\checkinit.php:66

actioninitincludes\checkinit.php:67

actionwp_loginincludes\checkinit.php:68

actionwp_logoutincludes\checkinit.php:69

actioninitincludes\checkinit.php:70

actionplugins_loadedincludes\checkinit.php:71

actionsave_postincludes\checkinit.php:74

actionadmin_headincludes\checkinit.php:75

actionadmin_footerincludes\checkinit.php:76

actionedit_form_topincludes\checkinit.php:77

filterpost_updated_messagesincludes\checkinit.php:78

filterget_user_option_meta-box-order_newsletterincludes\checkinit.php:79

filtermanage_users_columnsincludes\checkinit.php:81

actionmanage_users_custom_columnincludes\checkinit.php:82

filterdefault_hidden_columnsincludes\checkinit.php:83

actionnewsletters_ratereviewhookincludes\checkinit.php:86

actionnewsletters_upgradehookincludes\checkinit.php:87

actionnewsletters_countrieshookincludes\checkinit.php:88

actionnewsletters_optimizehookincludes\checkinit.php:89

actionnewsletters_emailarchivehookincludes\checkinit.php:90

actionnewsletters_latestpostsincludes\checkinit.php:93

actiondo_meta_boxesincludes\checkinit.php:98

actionadmin_noticesincludes\checkinit.php:99

actionadmin_initincludes\checkinit.php:100

actionadmin_initincludes\checkinit.php:101

actionadmin_initincludes\checkinit.php:102

actionphpmailer_initincludes\checkinit.php:103

actionprofile_updateincludes\checkinit.php:104

actioncomment_formincludes\checkinit.php:105

actionwp_insert_commentincludes\checkinit.php:106

actionwp_enqueue_scriptsincludes\checkinit.php:107

actionadmin_enqueue_scriptsincludes\checkinit.php:108

actionadmin_enqueue_scriptsincludes\checkinit.php:109

actionwp_enqueue_scriptsincludes\checkinit.php:110

actionadmin_enqueue_scriptsincludes\checkinit.php:111

actionwp_dashboard_setupincludes\checkinit.php:112

actionadmin_post_wpml_resend_emailincludes\checkinit.php:115

filteradmin_footer_textincludes\checkinit.php:119

filtercron_schedulesincludes\checkinit.php:122

filterscreen_settingsincludes\checkinit.php:123

filterplugin_action_linksincludes\checkinit.php:124

filterthe_editorincludes\checkinit.php:125

filtertiny_mce_before_initincludes\checkinit.php:126

filterthe_contentincludes\checkinit.php:127

filterupload_mimesincludes\checkinit.php:128

filterwp_check_filetype_and_extincludes\checkinit.php:129

filterblock_editor_settings_allincludes\checkinit.php:130

actioninstall_plugins_pre_plugin-informationincludes\checkinit.php:135

actionplugin_row_metaincludes\checkinit.php:136

filtergettextincludes\checkinit.php:140

filternewsletters_process_set_variables_user_messageincludes\checkinit.php:250

filternewsletters_process_set_variables_subscriber_messageincludes\checkinit.php:251

filternewsletters_sectionsmodels\newsletter.php:16

actionnewsletters_admin_menumodels\newsletter.php:18

actionadmin_bar_menumodels\newsletter.php:19

filterwpml_mailinglist_validationmodels\newsletter.php:20

filterwpml_sendmail_validationmodels\newsletter.php:21

filterwpml_subscriber_validationmodels\newsletter.php:22

filternewsletters_field_validationmodels\newsletter.php:23

actionplugins_loadedmodels\newsletter.php:391

filterget_the_image_post_contentvendors\gettheimage.php:97

filterget_the_image_post_contentvendors\gettheimage.php:98

filterthe_contentvendors\gettheimage.php:200

filtercron_schedulesvendors\processing\wp-background-process.php:69

actionmedia_buttonsviews\admin\send.php:383

actionmedia_buttonsviews\admin\send.php:410

filternewsletters_default_stylesviews\default\functions.php:147

filternewsletters_default_scriptsviews\default\functions.php:148

actionnewsletters_enqueuescript_afterviews\default\functions.php:149

filternewsletters_default_stylesviews\default2\functions.php:259

filternewsletters_default_scriptsviews\default2\functions.php:260

actionnewsletters_enqueuescript_afterviews\default2\functions.php:261

filternewsletters_datepicker_outputviews\default2\functions.php:262

Maintenance & Trust

Newsletters Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedFeb 3, 2026

PHP min version

Downloads300K

Community Trust

Rating94/100

Number of ratings244

Active installs2K

Alternatives

Newsletters Alternatives

Mailster Gravity Forms

mailster-gravity-forms

Integrates Mailster Newsletter Plugin with Gravity Forms to subscribe users with a Gravity Form.

900 No CVEs

MailRush.io Forms

mailrush-io-forms

100

Add Subscription Forms to WordPress. Send transactional Emails and Automate your email marketing efforts.

10 No CVEs

CN Blog Mailer

cn-blog-mailer

100

Simple automated newsletter plugin for WordPress. Automatically email your latest blog posts to subscribers with scheduled newsletters, subscription f …

0 No CVEs

FluentCRM – Email Newsletter, Automation, Email Marketing, Email Campaigns, Optins, Leads, and CRM Solution

fluent-crm

The easiest and fastest Email Marketing, Newsletter, Marketing Automation Plugin & CRM Solution for WordPress

70K 3 CVEs

Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress

email-subscribers

Add subscription forms on the website and send newsletters & automatically send post notification about new blog posts once it gets published.

60K 42 CVEs

Developer Profile

Newsletters Developer Profile

Tribulant Software

7 plugins · 19K total installs

trust score

Avg Security Score

89/100

Avg Patch Time

803 days

View full developer profile

Detection Fingerprints

How We Detect Newsletters

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/newsletters-lite/assets/css/wysiwyg.css/wp-content/plugins/newsletters-lite/assets/css/wysiwyg.responsive.css/wp-content/plugins/newsletters-lite/assets/css/tinymce.css/wp-content/plugins/newsletters-lite/assets/js/colorpicker.js/wp-content/plugins/newsletters-lite/assets/js/tinymce.js/wp-content/plugins/newsletters-lite/assets/js/jquery.validate.min.js/wp-content/plugins/newsletters-lite/assets/js/jquery.form.js/wp-content/plugins/newsletters-lite/assets/js/jquery.multiselect.js+9 more

Script Paths

/wp-content/plugins/newsletters-lite/assets/js/colorpicker.js/wp-content/plugins/newsletters-lite/assets/js/tinymce.js/wp-content/plugins/newsletters-lite/assets/js/jquery.validate.min.js/wp-content/plugins/newsletters-lite/assets/js/jquery.form.js/wp-content/plugins/newsletters-lite/assets/js/jquery.multiselect.js/wp-content/plugins/newsletters-lite/assets/js/jquery.simple-color.min.js+8 more

Version Parameters

newsletters-lite/assets/css/wysiwyg.css?ver=newsletters-lite/assets/css/wysiwyg.responsive.css?ver=newsletters-lite/assets/css/tinymce.css?ver=newsletters-lite/assets/js/colorpicker.js?ver=newsletters-lite/assets/js/tinymce.js?ver=newsletters-lite/assets/js/jquery.validate.min.js?ver=newsletters-lite/assets/js/jquery.form.js?ver=newsletters-lite/assets/js/jquery.multiselect.js?ver=newsletters-lite/assets/js/jquery.simple-color.min.js?ver=newsletters-lite/assets/js/jquery.placeholder.js?ver=newsletters-lite/assets/js/jquery.datetimepicker.js?ver=newsletters-lite/assets/js/select2.min.js?ver=newsletters-lite/assets/js/common.js?ver=newsletters-lite/assets/js/newsletter-subscribe.js?ver=newsletters-lite/assets/js/subscriptions.js?ver=newsletters-lite/assets/js/manage.js?ver=newsletters-lite/assets/js/admin.js?ver=

HTML / DOM Fingerprints

CSS Classes

wpml_subscriber_formwpml_form_labelwpml_form_inputnewsletter-subscribenewsletter-subscribe-button

HTML Comments

Data Attributes

data-error-messagedata-success-messagedata-redirectdata-hide-on-successdata-show-errorsdata-nonce+2 more

JS Globals

wpml_tinymce_configwpml_simple_color_configwpml_datetimepicker_configwpml_select2_confignewsletters_lite_subscriber_params

REST Endpoints

/wp-json/newsletters-lite/v1/subscribe

Shortcode Output

[newsletter-subscribe

FAQ

Newsletters Security & Risk Analysis

Is Newsletters Safe to Use in 2026?

Mostly Safe

Key Concerns

Newsletters Security Vulnerabilities

CVEs by Year

Severity Breakdown

Newsletters Code Analysis

Dangerous Functions Found

Bundled Libraries

SQL Query Safety

Output Escaping

Data Flow Analysis

Newsletters Attack Surface

AJAX Handlers 79

Shortcodes 20

Newsletters Maintenance & Trust

Maintenance Signals

Community Trust

Newsletters Alternatives

Mailster Gravity Forms

MailRush.io Forms

CN Blog Mailer

FluentCRM – Email Newsletter, Automation, Email Marketing, Email Campaigns, Optins, Leads, and CRM Solution

Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress

Newsletters Developer Profile

How We Detect Newsletters

Asset Fingerprints

HTML / DOM Fingerprints

Frequently Asked Questions about Newsletters