5 matches found
CVE-2025-3584
creationtimestamp| type| source ---|---|--- 2025-06-03 08:56:47+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lqowbr3g4e2r...
CVE-2025-3584
The Newsletter WordPress plugin before 8.8.2 does not sanitise and escape some of its Subscription settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2025-3584 Newsletter < 8.8.2 - Admin+ Stored XSS via Subscription
The Newsletter WordPress plugin before 8.8.2 does not sanitise and escape some of its Subscription settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2025-3584 Newsletter < 8.8.2 - Admin+ Stored XSS via Subscription
The Newsletter WordPress plugin before 8.8.2 does not sanitise and escape some of its Subscription settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2025-3584
The CVE-2025-3584 entry concerns the WordPress Newsletter plugin, affected in versions prior to 8.8.2. The vulnerability arises from insufficient sanitization/escaping of Subscription settings, allowing Stored Cross-Site Scripting by high-privilege users (e.g., admins), even when unfiltered_html ...