3 matches found
WordPress Newsletter plugin < 8.7.1 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Newsletter versions 8.7.1...
CVE-2025-3583
creationtimestamp| type| source ---|---|--- 2025-05-05 06:18:39+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/14838 2025-05-05 10:01:24+00:00| seen| https://t.me/cvedetector/24441 2025-05-05 10:21:10+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3log5hwzg732p...
CVE-2025-3583 Newsletter < 8.7.1 - Admin+ Stored XSS
The Newsletter WordPress plugin before 8.7.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...