PatchSiren

Tribulant Software CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH Tribulant Software CVE published 2026-07-13

CVE-2026-57394

CVE-2026-57394 is a Reflected Cross-Site Scripting (XSS) vulnerability in the Newsletters plugin for WordPress. The vulnerability affects versions up to and including 4.14. This issue allows attackers to inject malicious scripts into web pages, potentially leading to unauthorized actions or data exposure. The vulnerability has a CVSS score of 7.1, indicating a High severity level. Administrators and users [truncated]