WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in versions of the WordPress Newsletter plugin prior to 7.4.5, which stems from the fact that REQUEST_URI is not cleaned up and escaped before it is displayed back to the admin page. and escaping before displaying the REQUEST_URI back to the admin page. An attacker could exploit this vulnerability to execute JavaScript code on the client side.
CPE | Name | Operator | Version |
---|---|---|---|
wordpress newsletter plugin | lt | 7.4.5 |