CVE-2025-4857: Local File Inclusion Vulnerability in Newsletters Plugin for WordPress
CVE-2025-4857 is a recently disclosed vulnerability affecting the widely used Newsletters plugin for WordPress (versions ≤ 4.9.9.9). The flaw allows for Local File Inclusion (LFI), which could enable an attacker with Administrator-level access and above to execute unauthorized files on the server. In this post, we’ll walk through what the vulnerability means, who’s affected, and […]