5 matches found
Cross site scripting
Unauth. Reflected Cross-Site Scripting XSS vulnerability in SendPress Newsletters plugin = 1.23.11.6 versions...
CVE-2023-41730
Cross-Site Request Forgery CSRF vulnerability in SendPress Newsletters plugin = 1.22.3.31 versions...
CVE-2023-41730
CVE-2023-41730 is a CSRF vulnerability in the WordPress plugin SendPress Newsletters . Multiple sources confirm the issue affects versions listed as <= 1.22.3.31 (and Patchstack references
Cross site scripting
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in SendPress Newsletters plugin = 1.22.3.31 versions...
CVE-2023-41729
This CVE affects the WordPress SendPress Newsletters plugin. The vulnerability is a stored XSS issue exploitable by an authenticated admin+ user, affecting plugin versions up to 1.22.3.31. Multiple sources corroborate the issue and indicate remediation by updating to a newer version than 1.22.3.3...