Lucene search
WPScanCVELIST:CVE-2022-1756HistoryJun 13, 2022 - 12:42 p.m.
CVE-2022-1756 Newsletter < 7.4.5 - Reflected Cross-Site Scripting
2022-06-1312:42:33
CWE-79
WPScan
www.cve.org
0.001 Low
EPSS
Percentile
38.0%
The Newsletter WordPress plugin before 7.4.5 does not sanitize and escape the $_SERVER[βREQUEST_URIβ] before echoing it back in admin pages. Although this uses addslashes, and most modern browsers automatically URLEncode requests, this is still vulnerable to Reflected XSS in older browsers such as Internet Explorer 9 or below.
CNA Affected
[
{
"product": "Newsletter β Send awesome emails from WordPress",
"vendor": "Unknown",
"versions": [
{
"lessThan": "7.4.5",
"status": "affected",
"version": "7.4.5",
"versionType": "custom"
}
]
}
]Related
prion
prion
Cross site scripting
2022-06-13 13:15:00
patchstack
patchstack
wpexploit
wpexploit
Newsletter < 7.4.5 - Reflected Cross-Site Scripting
2022-05-23 00:00:00
cnvd
cnvd
WordPress Newsletter pluginθ·¨η«θζ¬ζΌζ΄
2022-06-15 00:00:00
nvd
nvd
CVE-2022-1756
2022-06-13 13:15:11
wpvulndb
wpvulndb
Newsletter < 7.4.5 - Reflected Cross-Site Scripting
2022-05-23 00:00:00
jvn
jvn
nuclei
nuclei
Newsletter < 7.4.5 - Cross-Site Scripting
2023-08-17 07:49:11
openvas
openvas
WordPress Newsletter Plugin < 7.4.5 XSS Vulnerability
2022-06-21 00:00:00
cve
cve
CVE-2022-1756
2022-06-13 13:15:11