CVE Catalog
CVE-2026-57645
HighCVSS 8.1Exploitation Probability (EPSS)
Low risk0.19%
9th percentile — higher than 9% of all known CVEs
Summary
The vulnerability in the Newsletters plugin up to version 4.13 allows unauthorized access to subscriber management functions. The lack of proper access control enables an attacker to manipulate subscriber data without required permissions.
Risk Assessment
The risk involves unauthorized reading, modification, or deletion of subscriber lists, potentially leading to user privacy breaches and loss of system trust.
Recommendation
Immediately update the Newsletters plugin to version 4.14 or later, which includes a fix for the broken access control vulnerability.
Original NVD description (English source)
newsletters_subscribers Broken Access Control in Newsletters <= 4.13 versions.

