๐Ÿ” CVE Alert

CVE-2025-66055

HIGH 7.2

WordPress Email Subscribers & Newsletters plugin <= 5.9.10 - PHP Object Injection vulnerability

CVSS Score
7.2
EPSS Score
0.0%
EPSS Percentile
0th

Deserialization of Untrusted Data vulnerability in Icegram Email Subscribers & Newsletters email-subscribers allows Object Injection.This issue affects Email Subscribers & Newsletters: from n/a through <= 5.9.10.

CWE CWE-502
Vendor icegram
Product email subscribers & newsletters
Published Nov 21, 2025
Last Updated Apr 1, 2026
Stay Ahead of the Next One

Get instant alerts for icegram email subscribers & newsletters

Be the first to know when new high vulnerabilities affecting icegram email subscribers & newsletters are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

Affected Versions

Icegram / Email Subscribers & Newsletters
0 โ‰ค 5.9.10

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
patchstack.com: https://patchstack.com/database/Wordpress/Plugin/email-subscribers/vulnerability/wordpress-email-subscribers-newsletters-plugin-5-9-10-php-object-injection-vulnerability?_s_id=cve

Credits

Ananda Dhakal (Patchstack)