Stored Cross-Site Scripting Vulnerability in Newsletters Plugin for WordPress
CVE-2025-2009
7.2HIGH
What is CVE-2025-2009?
The Newsletters plugin for WordPress has a vulnerability that allows stored cross-site scripting due to inadequate sanitization and output escaping in its logging functionality. This flaw permits unauthenticated attackers to inject malicious web scripts, which will execute when users access affected pages. Versions up to and including 4.9.9.7 are susceptible, emphasizing the importance of timely updates and security practices to protect users.
Affected Version(s)
Newsletters * <= 4.9.9.7