WordPress Plugin Vulnerabilities

MailPoet Newsletters <= 2.7.2 - Authenticated Reflected Cross-Site Scripting (XSS)

Description

The MailPoet Newsletters (Previous) WordPress plugin was affected by an Authenticated Reflected Cross-Site Scripting (XSS) security vulnerability.

Affects Plugins

Plugin icon
wysija-newsletters
Fixed in 2.7.3

References

URL
https://sumofpwn.nl/advisory/2016/reflected_cross_site_scripting_vulnerability_in_mailpoet_newsletters_plugin.html
URL
https://seclists.org/fulldisclosure/2016/Sep/17

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
6541c536-526e-4663-bef2-344d6f132761

Timeline

Publicly Published
2016-09-10 (about 9 years ago)
Added
2016-09-11 (about 9 years ago)
Last Updated
2019-11-01 (about 6 years ago)

Other

Published
Title
Published
2024-10-07
Title
Royal Elementor Addons and Templates < 1.3.987 - Authenticated (Contributor+) Stored Cross-Site Scripting via Team Member Widget
Published
2025-04-29
Title
Order Delivery Date Pro for WooCommerce < 12.4.0 - Reflected XSS
Published
2026-01-16
Title
CubeWP < 1.1.27 - Authenticated (Contributor+) Stored Cross-Site Scripting via cubewp_shortcode_taxonomy Shortcode
Published
2025-01-15
Title
Custom WP Store Locator < 1.4.8 - Reflected Cross-Site SCripting
Published
2025-03-18
Title
NS Simple Intro Loader <= 2.2.3 - Reflected Cross-Site Scripting