Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 5:56 a.m.6 views

CVE-2023-4772

The Newsletter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'newsletterform' shortcode in versions up to, and including, 7.8.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers wi...

6.4CVSS6.1AI score0.00437EPSS
Exploits2References1
OpenVAS
OpenVAS
added 2023/09/14 12:0 a.m.18 views

WordPress Newsletter Plugin < 7.9.0 XSS Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:thenewsletterplugin:newsletter"; if description...

6.4CVSS6.9AI score0.00437EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2023/09/07 1:52 a.m.8 views

CVE-2023-4772 Newsletter <= 7.8.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The Newsletter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'newsletterform' shortcode in versions up to, and including, 7.8.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers wi...

6.4CVSS6.5AI score0.00437EPSS
Exploits2References3
CVE
CVE
added 2023/09/07 1:52 a.m.138 views

CVE-2023-4772

CVE-2023-4772 affects the WordPress Newsletter plugin (newsletter) up to version 7.8.9, where stored XSS is caused by insufficient input sanitization and output escaping on attributes in the newsletter_form shortcode. The vulnerability allows authenticated contributors (and above) to inject scrip...

6.4CVSS5AI score0.00437EPSS
Exploits2References3Affected Software1
Wordfence Blog
Wordfence Blog
added 2023/09/06 12:59 p.m.20 views

Stored Cross-Site Scripting Vulnerability Patched in Newsletter WordPress Plugin

On August 16, 2023, our Wordfence Threat Intelligence team identified and began the responsible disclosure process for a stored Cross-Site Scripting XSS vulnerability in the Newsletter plugin, which is actively installed on more than 300,000 WordPress websites. The vulnerability enables threat...

4.9CVSS6.3AI score0.00437EPSS
Exploits2
Patchstack
Patchstack
added 2023/09/06 12:0 a.m.16 views

WordPress Email Newsletter Plugin <= 7.8.9 is vulnerable to Cross Site Scripting (XSS)

Software Email Newsletter Type Plugin Vulnerable versions = 7.8.9 Fixed in 7.9.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-4772 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 05a4feb47c5b Credits Lana Codes Required...

6.4CVSS6AI score0.00437EPSS
Exploits2References2Affected Software1
Rows per page
Query Builder