VulnTitan VulnTitan Security command center
Plugin Vulnerability Hub
Plugin 4 known issues Latest disclosed Jun 19, 2025

Mailing Group Listserv Vulnerabilities

Review known vulnerability records for the WordPress plugin Mailing Group Listserv (`wp-mailing-group`), including severity, CVE references, affected versions, and patch status.

Recent tracked CVEs on this page include CVE-2025-50036, CVE-2025-46463 and CVE-2025-22527, so operators can jump from disclosure to patch validation without scanning the full feed first.

View on WordPress.org Back to Feed
Known Records
4
High or Critical
0
Patch Coverage
100%
Last Updated
Jun 25, 2025
Priority CVE Quick Links

Fast paths into Mailing Group Listserv CVE reports

Start with the highest-signal CVE records for this WordPress plugin before scanning the full vulnerability feed.

Indexed CVEs
4
CVE-2025-46463 Medium 3.0.5
CVE-2025-46463 Mailing Group Listserv SQL Injection

Mailing Group Listserv <= 3.0.4 - Authenticated (Subscriber+) SQL Injection

CVE-2025-22595 Medium 3.0.0
CVE-2025-22595 Mailing Group Listserv Cross-Site Scripting

Mailing Group Listserv <= 2.0.9 - Reflected Cross-Site Scripting

CVE-2025-22527 Medium 3.0.0
CVE-2025-22527 Mailing Group Listserv SQL Injection

Mailing Group Listserv <= 2.0.9 - Authenticated (Administrator+) SQL Injection

CVE-2025-50036 Medium No patch listed
CVE-2025-50036 Mailing Group Listserv Cross-Site Request Forgery

Mailing Group Listserv <= 3.0.5 - Cross-Site Request Forgery

Coverage Snapshot

What this page helps you verify fast

This hub clusters every indexed record for Mailing Group Listserv so operators can confirm whether a disclosed issue maps to the installed slug, version range, and patch path.

Patch Visibility
4 records include a published patch path, leaving 0 with no listed safe release yet.
Severity Mix
0 critical and 0 high severity findings.
Recent CVEs
CVE-2025-50036, CVE-2025-46463 and CVE-2025-22527
Reference Workflow
Jump from the hub into the full report when you need remediation notes, exploit context, CVSS vectors, or source references.
Triage First

Open the records most likely to drive action

These recent records surface the CVE strings, patch cues, and direct report links most operators need first.

Known Vulnerabilities

Reports for Mailing Group Listserv

Sorted by latest disclosure date so newly published issues surface first.

Plugin Medium Patched: No CVE-2025-50036
CVE-2025-50036: Mailing Group Listserv <= 3.0.5 - Cross-Site Request Forgery

The Mailing Group Listserv plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0.5. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform an unauthor...

Published
Jun 19, 2025
Patched Release
Not published
Affected Versions
Versions up to 3.0.5
Next Step
Open the full report for remediation notes and references.
Open CVE-2025-50036 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2025-46463
CVE-2025-46463: Mailing Group Listserv <= 3.0.4 - Authenticated (Subscriber+) SQL Injection

The Mailing Group Listserv plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 3.0.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticate...

Published
Apr 25, 2025
Patched Release
3.0.5
Affected Versions
Versions up to 3.0.4
Next Step
Update to 3.0.5 or newer if supported.
Open CVE-2025-46463 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2025-22527
CVE-2025-22527: Mailing Group Listserv <= 2.0.9 - Authenticated (Administrator+) SQL Injection

The Mailing Group Listserv plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 2.0.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticate...

Published
Jan 07, 2025
Patched Release
3.0.0
Affected Versions
Versions up to 2.0.9
Next Step
Update to 3.0.0 or newer if supported.
Open CVE-2025-22527 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2025-22595
CVE-2025-22595: Mailing Group Listserv <= 2.0.9 - Reflected Cross-Site Scripting

The Mailing Group Listserv plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 2.0.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts...

Published
Jan 07, 2025
Patched Release
3.0.0
Affected Versions
Versions up to 2.0.9
Next Step
Update to 3.0.0 or newer if supported.
Open CVE-2025-22595 Report Open CVE Reference