CVE-2025-66055 — Deserialization of Untrusted Data in Email Subscribers Newsletters

CWE-502 — Deserialization of Untrusted Data3 documents3 sources

Severity

7.2HIGHNVD

EPSS

0.1%

top 71.39%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Icegram Email Subscribers Newsletters

Timeline

PublishedNov 21

Description

Deserialization of Untrusted Data vulnerability in Icegram Email Subscribers & Newsletters email-subscribers allows Object Injection.This issue affects Email Subscribers & Newsletters: from n/a through <= 5.9.10.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages1 packages

▶CVEListV5icegram/email_subscribers_newsletters5.9.10

🔴Vulnerability Details

CVEList

WordPress Email Subscribers & Newsletters plugin <= 5.9.10 - PHP Object Injection vulnerability↗2025-11-21

▶

GHSA

GHSA-96qq-9955-wf6g: Deserialization of Untrusted Data vulnerability in Icegram Email Subscribers & Newsletters email-subscribers allows Object Injection↗2025-11-21

▶