CVE-2022-47411: "Newsletter subscriber management" (fp_newsletter) TYPO3 extension leaks subscriber data

December 14, 2022 (updated April 21, 2025)

An issue was discovered in the fp_newsletter (aka Newsletter subscriber management) extension before 1.1.1, 1.2.0, 2.x before 2.1.2, 2.2.1 through 2.4.0, and 3.x before 3.2.6 for TYPO3. Data about subscribers may be obtained via unsubscribeAction operations.

References

github.com/advisories/GHSA-r44w-pfx8-28jv
github.com/bihor/fp_newsletter
nvd.nist.gov/vuln/detail/CVE-2022-47411
typo3.org/security/advisory/typo3-ext-sa-2022-017

Code Behaviors & Features

Detect and mitigate CVE-2022-47411 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →