The Newsletter plugin vulnerability in WordPress has a PHP object-injection vulnerability present and the plugin is used by hundreds of thousands of websites.
The Newsletter plugin is one plugin used by over three hundred thousand users on the web. Though very popular, its got a vulnerability that is a problem and it could lead to code-execution and can further allow an attacker take over your website.
The Newsletter plugin allows admins use a visual editor to create newsletter and email campaigns from the WordPress admin area.
According to another WordPress security plugin, Wordfence, the issues are involved cross-site scripting vulnerability and a PHP object-injection vulnerability. Both issues can be rectified by updating to the latest version of Newsletter, v.6.8.2.
So, if you don’t have your newsletter plugin for WordPress updated to version 6.8.2 go do so now.