Newsletter < 7.4.6 - Admin+ Stored Cross-Site Scripting

2022-05-3000:00:00

PHYO WIN SHEIN

wpscan.com

0.001 Low

EPSS

Percentile

25.0%

JSON

The plugin does not escape and sanitise the preheader_text setting, which could allow high privilege users to perform Stored Cross-Site Scripting attacks when the unfilteredhtml is disallowed

PoC

Go to Newsletters of Newsletter at wordpress admin panel ( eg . https://wordpress.local/wp-admin/admin.php?page=newsletter_emails_index ). Create the “new newsletter”, and then choose any type of templates ( default presets ) except from Raw HTML. Input the simple test XSS payload at the Snippet Input Payload : Test Snippet And Click the “Save” and “Next”. The Stored XSS payload will execute.

CPENameOperatorVersion
newsletterlt7.4.6

CPE	Name	Operator	Version
	newsletter	lt	7.4.6

0.001 Low

EPSS

Percentile

25.0%

JSON

Related for WPVDB-ID:EE3832E2-CE40-4063-A23E-44C7F7F5F46A