CVE-2026-57645
Tribulant · Newsletters
Tribulant Newsletters plugin is vulnerable to a broken access control issue, potentially allowing unauthorized subscriber data manipulation.
Executive summary
A critical broken access control vulnerability in the Tribulant Newsletters plugin poses a significant risk of unauthorized data access and manipulation.
Vulnerability
The plugin contains a broken access control flaw within the newsletters_subscribers function. This vulnerability allows an attacker to bypass intended security restrictions to access or modify subscriber data.
Business impact
Successful exploitation of this vulnerability could lead to the unauthorized exposure or modification of sensitive subscriber contact information. Given the CVSS score of 8.1, this flaw is categorized as high severity, posing a serious risk to data privacy, regulatory compliance, and organizational reputation.
Remediation
Immediate Action: Upgrade the Tribulant Newsletters plugin to the latest available version provided by the vendor.
Proactive Monitoring: Review web server and application access logs for suspicious requests targeting the subscriber management endpoints.
Compensating Controls: Deploy a Web Application Firewall (WAF) with rules configured to block unauthorized access attempts to plugin-specific administrative or subscriber functions.
Exploitation status
Public Exploit Available: false
Analyst recommendation
The broken access control flaw in the Tribulant Newsletters plugin requires immediate attention to prevent unauthorized data exposure. Administrators must verify the plugin version currently installed and apply the vendor's security patches without delay to mitigate the risk of exploitation.