13 matches found
WordPress Newsletter2Go plugin <= 4.0.14 - Missing Authorization to Authenticated (Subscriber+) Style Reset vulnerability
Missing Authorization to Authenticated Subscriber+ Style Reset vulnerability discovered by Lucio Sá in WordPress Plugin Newsletter2Go versions <= 4.0.14...
CVE-2024-12618
The Newsletter2Go plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'resetStyles' AJAX action in all versions up to, and including, 4.0.14. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...
CVE-2024-12618
The CVE CVE-2024-12618 affects Newsletter2Go for WordPress. A missing capability check on the resetStyles AJAX action in all versions up to 4.0.14 allows authenticated attackers with Subscriber-level access and above to modify data by resetting styles. Connected sources confirm the issue details ...
CVE-2024-12618 Newsletter2Go <= 4.0.14 - Missing Authorization to Authenticated (Subscriber+) Style Reset
The Newsletter2Go plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'resetStyles' AJAX action in all versions up to, and including, 4.0.14. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...
WordPress plugin Newsletter2Go security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
CVE-2024-1328
The Newsletter2Go plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘style’ parameter in all versions up to, and including, 4.0.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber access and...
CVE-2024-1328
The Newsletter2Go plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘style’ parameter in all versions up to, and including, 4.0.13 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber access and...
Cross site scripting
The Newsletter2Go plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘style’ parameter in all versions up to, and including, 4.0.13 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber access and...
CVE-2024-1328
The Newsletter2Go WordPress plugin is affected by CVE-2024-1328: stored XSS via the style parameter in all versions up to 4.0.13. Exploitation requires authentication (subscriber access or higher) and can inject scripts that execute when a user visits an injected page. Technical details about a p...
CVE-2024-1328 Newsletter2Go <= 4.0.14 - Authenticated(Subscriber+) Stored Cross-Site Scripting via style
The Newsletter2Go plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘style’ parameter in all versions up to, and including, 4.0.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber access and...
WordPress Newsletter2Go Plugin <= 4.0.13 is vulnerable to Cross Site Scripting (XSS)
Software Newsletter2Go Type Plugin Vulnerable versions <= 4.0.13 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1328 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 1277fbb17528 Credits Francesco Carlucci...
WordPress Plugin Newsletter2Go Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...
Newsletter2Go <= 4.0.13 - Authenticated(Subscriber+) Stored Cross-Site Scripting via style
Description The Newsletter2Go plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘style’ parameter in all versions up to, and including, 4.0.13 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber...