China National Vulnerability Database (cnvd): CNVD-2022-57172
Jun 22, 2022 - 12:00 a.m.

WordPress Newsletter plugin cross-site scripting vulnerability (CNVD-2022-57172)

2022-06-22 00:00:00
China National Vulnerability Database
www.cnvd.org.cn

EPSS: 0.001 (Low), percentile: 25.0%

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in versions of the WordPress Newsletter plugin prior to 7.4.6. The vulnerability stems from a failure to escape and sanitize the preheader_text setting. A high-privilege attacker could exploit this vulnerability to execute a stored cross-site scripting attack when unfiltered_html is disabled.

CPE
Name | Operator | Version
wordpress newsletter plugin | lt | 7.4.6
