Broken Access Control in Newsletters Plugin by WordPress
CVE-2026-57645

8.1HIGH

Key Information:

Vendor

WordPress
Status
Newsletters
Vendor
CVE Published:
26 June 2026

What is CVE-2026-57645?

A broken access control vulnerability exists in the Newsletters plugin for WordPress versions 4.13 and earlier. This issue allows unauthorized users to access sensitive functionalities, potentially leading to information disclosure or data manipulation. It is essential for users employing this plugin to check their version and implement necessary security measures to mitigate risks.

Affected Version(s)

Newsletters <= 4.13

References

https://patchstack.com/database/wordpress/plugin/newslett...
vdb-entry

CVSS V3.1

Score:
8.1
Severity:
HIGH
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Prodigysec | Patchstack Bug Bounty Program
.