3 matches found
WordPress Newsletter plugin < 8.8.5 - Admin+ Stored XSS via Form vulnerability
Admin+ Stored XSS via Form vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Newsletter versions 8.8.5...
CVE-2025-3582
The Newsletter WordPress plugin before 8.85 does not sanitise and escape some of its Form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2025-3582
CVE-2025-3582 affects the Newsletter WordPress plugin prior to version 8.85. The issue arises from inadequate sanitisation/escaping of Form settings, enabling stored XSS by high-privilege users (e.g., admins), even when unfiltered_html is disallowed (e.g., multisite). Public sources in the provid...