WordPress Plugin Vulnerabilities

Email Subscribers & Newsletters < 4.1.7 - Cross-Site Scripting (XSS)

Description

The Email Subscribers & Newsletters – Simple and Effective Email Marketing WordPress Plugin WordPress plugin was affected by a Cross-Site Scripting (XSS) security vulnerability.

Affects Plugins

Plugin icon
email-subscribers
Fixed in 4.1.7

References

CVE
CVE-2019-14364
URL
https://github.com/ivoschyk-cs/CVE-s/blob/master/Email%20Subscribers%20%26%20Newsletters%20Wordpress%20Plugin%20(XSS)
URL
https://plugins.trac.wordpress.org/changeset/2123195/email-subscribers

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
9.6 (critical)

Miscellaneous

Submitter
Ryan Dewhurst
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
0480ad73-d7e4-4b89-9d01-7275554e2d0d

Timeline

Publicly Published
2019-07-12 (about 6 years ago)
Added
2019-08-13 (about 6 years ago)
Last Updated
2020-08-07 (about 5 years ago)

Other

Published
Title
Published
2024-09-25
Title
012 PS Multi Languages <= 1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2024-10-25
Title
WP show more <= 1.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via show_more Shortcode
Published
2026-01-13
Title
Internal Link Builder <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin's Settings
Published
2025-06-18
Title
SpecFit-Virtual Try On Woocommerce <= 8.0.3 - Reflected Cross-Site Scripting
Published
2024-11-28
Title
WordPress Portfolio Builder – Portfolio Gallery <= 1.1.7 - Authenticated (Editor+) Stored Cross-Site Scripting