WordPress Plugin Vulnerabilities

Newsletters Lite < 4.6.8.6 - PHP Object Injection

Description

The Newsletters WordPress plugin was affected by a PHP Object Injection security vulnerability.

Affects Plugins

Plugin icon
newsletters-lite
Fixed in 4.6.8.6

References

CVE
CVE-2018-20987

Classification

Type
OBJECT INJECTION
OWASP top 10
A8: Insecure Deserialization
CWE
CWE-502
CVSS
9.8 (critical)

Miscellaneous

Verified
No
WPVDB ID
52037486-c1fb-4465-b397-94617aa35d56

Timeline

Publicly Published
2018-03-12 (about 8 years ago)
Added
2019-08-23 (about 6 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2025-08-08
Title
Gravity Forms Zoho CRM and Bigin < 1.3.0 - Unauthenticated PHP Object Injection
Published
2023-12-29
Title
Theme per user < 1.0.2 - Unauthenticated PHP Object Injection
Published
2025-01-06
Title
Compare Products for WooCommerce < 3.2.2 - Unauthenticated PHP Object Injection
Published
2025-01-10
Title
Coupon X: Discount Pop Up, Promo Code Pop Ups, Announcement Pop Up, WooCommerce Popups < 1.3.6 - Missing Authorization to Authenticated (Contributor+) PHP Object Injection
Published
2025-09-24
Title
TranslatePress < 2.10.3 - Unauthenticated PHP Object Injection