After recently patching a vulnerability last month, Newsletter, a WordPress plugin installed in over 300,000 websites, was discovered to have two additional, more serious vulnerabilities, a Cross-Site Scripting(XSS) vulnerability and a PHP Object Injection vulnerability.

After receiving the report, the plugin developers immediately released another update to patch those two specific vulnerabilities.

We strongly recommend updating to the latest version of the Newsletter plugin as soon as possible. As of this writing, that is version 6.8.3.

For more information please check the official public release.

If you have questions, don’t hesitate to contact our support team.

People that read this article also liked

Critical Vulnerabilities Found on PageLayer Page Builder Plugin WordPress Websites Security Breach – Outbreak of Malicious File Attacks Outdated WPBakery Plugin Critical Security Risk to Millions of Sites WordPress 5.7 “Esperanza” + WooCommerce 5.1 Released