2 matches found
CVE-2020-35933
A Reflected Authenticated Cross-Site Scripting XSS vulnerability in the Newsletter plugin before 6.8.2 for WordPress allows remote attackers to trick a victim into submitting a tnpcrender AJAX request containing either JavaScript in an options parameter, or a base64-encoded JSON string containing...
CVE-2020-35933
CVE-2020-35933 affects the WordPress Newsletter plugin prior to 6.8.2. A reflected, authenticated XSS can be triggered by submitting a tnpc_render AJAX request containing JavaScript in the options parameter or a base64-encoded JSON string with JavaScript in encoded_options. Impact is limited to t...