CVE Catalog

CVE-2026-57645

HighCVSS 8.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.19%

9th percentile — higher than 9% of all known CVEs

Summary

The vulnerability in the Newsletters plugin up to version 4.13 allows unauthorized access to subscriber management functions. The lack of proper access control enables an attacker to manipulate subscriber data without required permissions.

Risk Assessment

The risk involves unauthorized reading, modification, or deletion of subscriber lists, potentially leading to user privacy breaches and loss of system trust.

Recommendation

Immediately update the Newsletters plugin to version 4.14 or later, which includes a fix for the broken access control vulnerability.

Original NVD description (English source)

newsletters_subscribers Broken Access Control in Newsletters <= 4.13 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS