What is CVE-2022-46818?

SQL injection flaw in Email Posts to Subscribers WordPress plugin, letting attackers run arbitrary database queries on unpatched versions up to 6.2.

How to fix CVE-2022-46818 in WordPress?

Update to latest version if available, or deactivate/remove the plugin and migrate subscribers. Run WPScan to confirm.

Which WordPress sites are affected by CVE-2022-46818?

Any running Email Posts to Subscribers <=6.2, especially newsletter sites with exposed forms. Over 100k installs at risk.

🕳️ Vulnerabilities & CVEs

CVE-2022-46818: SQL Injection Lets Attackers Raid WordPress Subscriber Lists

A sneaky SQL injection in the Email Posts to Subscribers plugin could hand attackers your full subscriber database. CVE-2022-46818 isn't new, but unpatched sites are sitting ducks.

theAIcatchup Apr 08, 2026 4 min read

Illustration of SQL injection attack on WordPress database via CVE-2022-46818 vulnerability

⚡ Key Takeaways

Patch or remove Email Posts to Subscribers plugin immediately if <=v6.2. 𝕏
SQL injection remains a top threat in WP plugins—audit yours now. 𝕏
Expect PoCs and exploits soon; migrate to maintained alternatives. 𝕏

Published by

theAIcatchup

Threat intelligence. Zero noise.

#CVE-2022-46818 #Email Posts to Subscribers #Gopi Ramasamy #SQL injection #WordPress Vulnerability #WordPress plugin

Worth sharing?

Get the best Cybersecurity stories of the week in your inbox — no noise, no spam.

Originally reported by NVD Vulnerabilities

⚡ Key Takeaways

The 60-Second TL;DR

theAIcatchup

Share this article

Worth sharing?

Related Stories

CVE-2022-46849: The SQL Injection Lurking in Your WordPress 'Coming Soon' Page

CVE-2022-46860: SQL Injection Lets Hackers Hijack WordPress Short URLs

CVE-2022-46808: The SQL Injection Lurking in ARMember's Membership Plugin

Slimstat's SQL Injection Nightmare: CVE-2022-45373 Cracks Open Analytics Doors

Stay in the loop