MailPoet Newsletters < 2.7 – Unauthenticated Reflected Cross-Site Scripting (XSS)

Affects Plugins

wysija-newsletters

Fixed in 2.7

References

URL

https://www.netsparker.com/ns-16-002-xss-vulnerability-identified-in-mailpoet-newsletters/

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

Miscellaneous

Submitter

ethicalhack3r

Submitter twitter

ethicalhack3r

Verified

No

WPVDB ID

6b22452f-3d45-40c5-9e48-7fc6c61d60e9

Timeline

Publicly Published

2016-02-02 (about 10 years ago)

Added

2016-02-02 (about 10 years ago)

Last Updated

2019-10-31 (about 6 years ago)

Other

Published

Title

Published

2022-09-12

Title

PCA Predict <= 1.0.3 - Admin+ Stored Cross-Site Scripting

Published

2021-06-21

Title

myStickymenu < 2.5.2 - Authenticated Stored XSS

Published

2024-05-03

Title

Folders Pro < 3.0.3 - Authenticated (Subscriber+) Stored Cross-Site Scripting via User First Name and Last Name

Published

2024-05-14

Title

The Events Calendar < 6.4.0.1 - Reflected XSS

Published

2024-05-20

Title

PopupAlly < 2.1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting