{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-67999", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2025-12-15T10:00:49.129Z", "datePublished": "2025-12-16T08:12:59.398Z", "dateUpdated": "2026-04-28T16:14:25.635Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "newsletter", "product": "Newsletter", "vendor": "Stefano Lissa", "versions": [{"changes": [{"at": "9.1.0", "status": "unaffected"}], "lessThanOrEqual": "9.0.9", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Doan Dinh Van | Patchstack Bug Bounty Program"}], "datePublic": "2026-04-22T14:23:49.008Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Stefano Lissa Newsletter newsletter allows Blind SQL Injection.<p>This issue affects Newsletter: from n/a through <= 9.0.9.</p>"}], "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Stefano Lissa Newsletter newsletter allows Blind SQL Injection.This issue affects Newsletter: from n/a through <= 9.0.9."}], "impacts": [{"capecId": "CAPEC-7", "descriptions": [{"lang": "en", "value": "Blind SQL Injection"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-89", "description": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-28T16:14:25.635Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/Wordpress/Plugin/newsletter/vulnerability/wordpress-newsletter-plugin-9-0-9-sql-injection-vulnerability?_s_id=cve"}], "title": "WordPress Newsletter plugin <= 9.0.9 - SQL Injection vulnerability"}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-12-17T20:10:33.211248Z", "id": "CVE-2025-67999", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-27T18:10:53.047Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-67999", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-12-17T20:10:33.211248Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-17T20:10:22.179Z"}}], "cna": {"title": "WordPress Newsletter plugin <= 9.0.9 - SQL Injection vulnerability", "credits": [{"lang": "en", "type": "finder", "value": "Doan Dinh Van | Patchstack Bug Bounty Program"}], "impacts": [{"capecId": "CAPEC-7", "descriptions": [{"lang": "en", "value": "Blind SQL Injection"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.6, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Stefano Lissa", "product": "Newsletter", "versions": [{"status": "affected", "changes": [{"at": "9.1.0", "status": "unaffected"}], "version": "0", "versionType": "custom", "lessThanOrEqual": "9.0.9"}], "packageName": "newsletter", "collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected"}], "datePublic": "2026-04-22T14:23:49.008Z", "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/newsletter/vulnerability/wordpress-newsletter-plugin-9-0-9-sql-injection-vulnerability?_s_id=cve", "tags": ["vdb-entry"]}], "descriptions": [{"lang": "en", "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Stefano Lissa Newsletter newsletter allows Blind SQL Injection.This issue affects Newsletter: from n/a through <= 9.0.9.", "supportingMedia": [{"type": "text/html", "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Stefano Lissa Newsletter newsletter allows Blind SQL Injection.<p>This issue affects Newsletter: from n/a through <= 9.0.9.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-89", "description": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-23T14:13:55.390Z"}}}, "cveMetadata": {"cveId": "CVE-2025-67999", "state": "PUBLISHED", "dateUpdated": "2026-04-27T18:10:53.047Z", "dateReserved": "2025-12-15T10:00:49.129Z", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "datePublished": "2025-12-16T08:12:59.398Z", "assignerShortName": "Patchstack"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Stefano Lissa Newsletter newsletter allows Blind SQL Injection.This issue affects Newsletter: from n/a through <= 9.0.9."}], "id": "CVE-2025-67999", "lastModified": "2026-04-27T18:16:53.040", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 4.7, "source": "audit@patchstack.com", "type": "Secondary"}]}, "published": "2025-12-16T09:16:00.800", "references": [{"source": "audit@patchstack.com", "url": "https://patchstack.com/database/Wordpress/Plugin/newsletter/vulnerability/wordpress-newsletter-plugin-9-0-9-sql-injection-vulnerability?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "audit@patchstack.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-28T10:13:40.834475+00:00", "value": {"mitigation_remediation": ["Update the Newsletter plugin to the latest available version to remove the SQL injection flaw.", "If an update cannot be performed immediately, restrict public-facing inputs and administrative access to the plugin to limit opportunities for injection.", "Apply request filtering or a web application firewall to block suspicious SQL characters and monitor for repeated injection attempts."], "summary": {"action": "Update plugin", "impact": "Blind SQL injection"}, "threat_synthesis": {"affected_systems": "All versions of the Newsletter plugin up to and including version 9.0.9 are affected. Any WordPress installation that has installed one of these versions is vulnerable.", "description_and_impact": "The Newsletter plugin for WordPress, developed by Stefano Lissa, has an improper handling of user-supplied input in SQL statements, classified as CWE-89. This flaw allows blind SQL injection, meaning an attacker could insert arbitrary SQL code that may enable reading, modifying, or deleting data from the WordPress database.", "risk_and_exploitability": "The CVSS score of 7.6 indicates high severity, while the EPSS score of less than 1\u202f% shows that exploitation is possible but not widespread. The vulnerability is not listed in the CISA KEV catalog. Attackers can potentially exploit it by sending crafted requests to the plugin\u2019s endpoints that accept user input, taking advantage of the lack of sanitization. The injection is blind, so attackers might infer data through timing or error-based responses. The likely attack vector is through HTTP requests handled by the plugin."}}}}, "created": "2025-12-16T17:08:52.657055+00:00", "updated": "2026-04-28T10:15:28.864426+00:00", "vendors": ["stefanno_lissa", "stefanno_lissa$PRODUCT$newsletter", "wordpress", "wordpress$PRODUCT$wordpress"]}