Lucene search
+L

4 matches found

patchstack
patchstack
added 2025/06/09 7:12 p.m.9 views

WordPress Newsletter plugin < 8.8.5 - Admin+ Stored XSS via Widget vulnerability

Admin+ Stored XSS via Widget vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin NewsLetter versions 8.8.5...

4.8CVSS5.9AI score0.0022EPSS
Exploits1References1Affected Software1
cvelist
cvelist
added 2025/06/09 6:0 a.m.21 views

CVE-2025-3581 Newsletter < 8.8.5 - Admin+ Stored XSS via Widget

The Newsletter WordPress plugin before 8.8.5 does not validate and escape some of its Widget options before outputting them back in a page/post where the block is embed, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtm...

0.0022EPSS
Exploits1References1
vulnrichment
vulnrichment
added 2025/06/09 6:0 a.m.4 views

CVE-2025-3581 Newsletter < 8.8.5 - Admin+ Stored XSS via Widget

The Newsletter WordPress plugin before 8.8.5 does not validate and escape some of its Widget options before outputting them back in a page/post where the block is embed, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtm...

4.8AI score0.0022EPSS
Exploits1References1
cve
cve
added 2025/06/09 6:0 a.m.68 views

CVE-2025-3581

CVE-2025-3581 affects the Newsletter WordPress plugin (versions prior to 8.8.5). The issue is a failure to validate/escape certain Widget options before output, enabling a stored XSS when the block is embedded on a page/post, potentially exploitable by high-privilege users such as admins, includi...

4.8CVSS5.5AI score0.0022EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder