6 matches found
CVE-2023-4772
The Newsletter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'newsletterform' shortcode in versions up to, and including, 7.8.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers wi...
WordPress Newsletter Plugin < 7.9.0 XSS Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:thenewsletterplugin:newsletter"; if description...
CVE-2023-4772 Newsletter <= 7.8.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The Newsletter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'newsletterform' shortcode in versions up to, and including, 7.8.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers wi...
CVE-2023-4772
CVE-2023-4772 affects the WordPress Newsletter plugin (newsletter) up to version 7.8.9, where stored XSS is caused by insufficient input sanitization and output escaping on attributes in the newsletter_form shortcode. The vulnerability allows authenticated contributors (and above) to inject scrip...
Stored Cross-Site Scripting Vulnerability Patched in Newsletter WordPress Plugin
On August 16, 2023, our Wordfence Threat Intelligence team identified and began the responsible disclosure process for a stored Cross-Site Scripting XSS vulnerability in the Newsletter plugin, which is actively installed on more than 300,000 WordPress websites. The vulnerability enables threat...
WordPress Email Newsletter Plugin <= 7.8.9 is vulnerable to Cross Site Scripting (XSS)
Software Email Newsletter Type Plugin Vulnerable versions = 7.8.9 Fixed in 7.9.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-4772 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 05a4feb47c5b Credits Lana Codes Required...