Newsletter < 3.2.7 – Cross-Site Scripting (XSS)

Affects Plugins

newsletter

Fixed in 3.2.7

References

URL

https://packetstormsecurity.com/files/#121634/

URL

http://www.zeroscience.mk/en/vulnerabilities/ZSL-2013-5141.php

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

CVSS

5.4 (medium)

Miscellaneous

Verified

No

WPVDB ID

3c31f266-cde4-4e0d-9756-5ca352dfdd5e

Timeline

Publicly Published

2013-05-14 (about 12 years ago)

Added

2014-08-01 (about 11 years ago)

Last Updated

2020-08-12 (about 5 years ago)

Other

Published

Title

Published

2024-04-09

Title

Elementor Addons by Livemesh < 8.3.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Display Name

Published

2022-07-04

Title

Booster for WooCommerce < 5.6.2 - Reflected Cross-Site Scripting

Published

2023-10-02

Title

Notice Bar < 3.1.1 - Contributor+ Stored XSS

Published

2021-08-16

Title

Email Artillery <= 4.1 - Multiple Authenticated SQL Injections

Published

2024-07-15

Title

WP eMember <= v10.7.0 - Stored XSS via CSRF