WordPress Nouri.sh Newsletter plugin <= 1.0.1.3 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF'] vulnerability

Reflected Cross-Site Scripting via $SERVER'PHPSELF' vulnerability discovered by Abdulsamad Yusuf 0xVenus - Envorasec in WordPress Plugin Nouri.sh Newsletter versions = 1.0.1.3...

CVE-2025-13515

CVE-2025-13515 refers to the Nouri.sh Newsletter WordPress plugin vulnerability. The issue is a Reflected Cross-Site Scripting via the $_SERVER['PHP_SELF'] parameter in all versions up to and including 1.0.1.3, caused by insufficient input sanitization and output escaping. The Wordfence detail co...

CVE-2025-13515 Nouri.sh Newsletter <= 1.0.1.3 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF']

The Nouri.sh Newsletter plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $SERVER'PHPSELF' parameter in all versions up to, and including, 1.0.1.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

PT-2025-49229

The Nouri.sh Newsletter plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $ SERVER'PHP SELF' parameter in all versions up to, and including, 1.0.1.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to injec...