CVE Catalog

CVE-2026-54840

HighCVSS 7.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.21%

12th percentile — higher than 12% of all known CVEs

Summary

The Newsletters plugin versions up to 4.13 contain an unauthenticated broken access control vulnerability. An attacker without authentication can exploit this flaw to gain unauthorized access to plugin functions.

Risk Assessment

The risk involves the possibility of unauthorized operations by an unauthenticated attacker, potentially leading to data confidentiality or integrity breaches.

Recommendation

It is recommended to immediately update the Newsletters plugin to a version newer than 4.13, which includes a fix for this vulnerability.

Original NVD description (English source)

Unauthenticated Broken Access Control in Newsletters <= 4.13 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS