3 matches found
WordPress Email Subscribers plugin < 5.7.50 - Admin+ Stored XSS in Template vulnerability
Admin+ Stored XSS in Template vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Email Subscribers & Newsletters versions 5.7.50...
CVE-2025-0671
creationtimestamp| type| source ---|---|--- 2025-04-25 06:10:50+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/13379 2025-04-25 07:07:23+00:00| seen| https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lnmnxtqql232 2025-04-25 09:09:16+00:00| seen|...
CVE-2025-0671 Email Subscribers < 5.7.50 - Admin+ Stored XSS in Template
The Icegram Express WordPress plugin before 5.7.50 does not sanitise and escape some of its Template settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...