WordPress Plugin Vulnerabilities

Newsletter Manager < 1.0.2 - Authenticated Reflected Cross Site Scripting

Description

The Newsletter Manager WordPress plugin was affected by a Cross Site Scripting security vulnerability.

Affects Plugins

Plugin icon
newsletter-manager
Fixed in 1.0.2

References

CVE
CVE-2012-6628
CVE
CVE-2012-6627
URL
https://packetstormsecurity.com/files/#112694/

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
8.3 (high)

Miscellaneous

Verified
No
WPVDB ID
273570a5-21cb-4338-b6f3-faf03ffef813

Timeline

Publicly Published
2014-08-01 (about 11 years ago)
Added
2014-08-01 (about 11 years ago)
Last Updated
2020-12-30 (about 5 years ago)

Other

Published
Title
Published
2025-02-16
Title
easy-broken-link-checker <= 9.0.2 - Admin+ Stored XSS
Published
2024-04-05
Title
Bold Page Builder < 4.8.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Widget URL Attribute
Published
2024-04-22
Title
All-in-one Like Widget < 2.2.8 - Authenticated (Admin+) Stored Cross-Site Scripting
Published
2025-01-06
Title
Marketplace Items <= 1.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Published
2025-02-03
Title
FlexIDX Home Search <= 2.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting