CVE-2026-12583 - Newsletters < 4.15 - Unauthenticated PHP Object Injection via Subscriber Custom Field
CVE ID :CVE-2026-12583 Published : July 14, 2026, 6:17 a.m. | 8 hours, 16 minutes ago Description :The Newsletters WordPress plugin before 4.15 does not prevent deserialization of untrusted input that is stored through a public form, allowing unauthenticated attackers to inject a PHP object...