Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS) discovered by Kohei Hino (Cryptography Laboratory - Tokyo Denki University) in WordPress Nifty Newsletters plugin (versions <= 4.0.23).
This plugin has been closed as of July 29, 2021 and is not available for download. This closure is temporary, pending a full review.
CPE | Name | Operator | Version |
---|---|---|---|
nifty newsletters | le | 4.0.23 |