Authorization Bypass in Email Subscribers & Newsletters Plugin for WordPress
CVE-2026-11592

4.3MEDIUM

What is CVE-2026-11592?

The Email Subscribers & Newsletters Plugin for WordPress has a vulnerability that allows authenticated attackers with contributor-level access or higher to bypass authorization checks. This lapse enables these attackers to manipulate key features of the plugin, including overwriting mail settings, creating and modifying audience lists, and dispatching mass emails. The lack of proper verification exposes the plugin to unauthorized control, making it essential for users to update to secure versions and review access permissions to mitigate risks.

Affected Version(s)

Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress 0 <= 5.9.27

References

CVSS V3.1

Score:
4.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Dmitrii Ignatyev
.