CVE-2022-47410: "Newsletter subscriber management" (fp_newsletter) TYPO3 extension leaks subscriber data

December 14, 2022 (updated April 21, 2025)

An issue was discovered in the fp_newsletter (aka Newsletter subscriber management) extension before 1.1.1, 1.2.0, 2.x before 2.1.2, 2.2.1 through 2.4.0, and 3.x before 3.2.6 for TYPO3. Data about subscribers may be obtained via createAction operations.

References

github.com/advisories/GHSA-vxmc-qg5x-pvfx
github.com/bihor/fp_newsletter
nvd.nist.gov/vuln/detail/CVE-2022-47410
typo3.org/security/advisory/typo3-ext-sa-2022-017

Code Behaviors & Features

Detect and mitigate CVE-2022-47410 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →