Wordfence’s Threat Intelligence team has found two more security flaws in the Newsletter WordPress plugin. The vulnerability was found in the newsletter plugin that provides the tools needed to create responsive newsletter and email mail marketing campaigns on WordPress blogs using a visual composer. At least 150,000 WordPress sites with active Newsletter installations still potentially left exposed to potential attacks if hackers start exploiting these bugs as part of future campaigns. Users urged to update the plugin to the 6.8.3 version as soon as possible to block attacks.
Source: https://www.bleepingcomputer.com/news/security/newsletter-plugin-bugs-let-hackers-inject-backdoors-on-300k-sites/