CVE Catalog
CVE-2026-54840
HighCVSS 7.3Exploitation Probability (EPSS)
Low risk0.21%
12th percentile — higher than 12% of all known CVEs
Summary
The Newsletters plugin versions up to 4.13 contain an unauthenticated broken access control vulnerability. An attacker without authentication can exploit this flaw to gain unauthorized access to plugin functions.
Risk Assessment
The risk involves the possibility of unauthorized operations by an unauthenticated attacker, potentially leading to data confidentiality or integrity breaches.
Recommendation
It is recommended to immediately update the Newsletters plugin to a version newer than 4.13, which includes a fix for this vulnerability.
Original NVD description (English source)
Unauthenticated Broken Access Control in Newsletters <= 4.13 versions.

