Browse all 4 CVE security advisories affecting SendPress. AI-powered Chinese analysis, POCs, and references for each vulnerability.
SendPress is a WordPress plugin for email newsletter management and campaign distribution. Historically, it has been susceptible to multiple remote code execution vulnerabilities, cross-site scripting flaws, and privilege escalation issues, as evidenced by its four recorded CVEs. The plugin's security posture has been compromised through insufficient input validation and improper access controls, allowing attackers to execute unauthorized commands, inject malicious scripts, or gain elevated administrative privileges. While no major public incidents have been widely documented, the consistent pattern of vulnerabilities across different versions highlights ongoing security challenges that require immediate patching and careful implementation by users.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2023-35040 | WordPress SendPress Newsletters plugin <= 1.23.11.6 - Broken Access Control vulnerability — SendPress NewslettersCWE-862 | 5.3 | Medium | 2024-06-13 |
| CVE-2023-47517 | WordPress SendPress Newsletters Plugin <= 1.23.11.6 is vulnerable to Cross Site Scripting (XSS) — SendPress NewslettersCWE-79 | 7.1 | High | 2023-11-14 |
| CVE-2023-41730 | WordPress SendPress Newsletters Plugin <= 1.22.3.31 is vulnerable to Cross Site Request Forgery (CSRF) — SendPress NewslettersCWE-352 | 4.3 | Medium | 2023-10-10 |
| CVE-2023-41729 | WordPress SendPress Newsletters Plugin <= 1.22.3.31 is vulnerable to Cross Site Scripting (XSS) — SendPress NewslettersCWE-79 | 5.9 | Medium | 2023-10-02 |
This page lists every published CVE security advisory associated with SendPress. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.