Vulnerability Discovered in Newsletter < 6.7.7
https://twitter.comNewsletter WordPress plugin has 300,000+ active installations and can be used to build an email list, easily create, send and track e-mails. In versions prior to 6.7.7, there is a XSS vulnerability that allows attackers to execute code when creating a new newsletter using an empty template with the header module.
The issue has been fixed in Version 6.7.7 which is available now from the WordPress Plugin Repo.