2 matches found
CVE-2019-14787
The Tribulant Newsletters plugin before 4.6.19 for WordPress allows XSS via the wp-admin/admin-ajax.php?action=newslettersloadneweditor contentarea parameter...
CVE-2019-14787
Tribulant Newsletters for WordPress (pre-4.6.19) is affected by an XSS flaw in the admin-ajax.php endpoint newsletters_load_new_editor, exploitable via the contentarea parameter. Root cause: insufficient input validation/sanitization in the ajax_load_new_editor() AJAX handler. Impact: reflected X...