WordPress Plugin Vulnerabilities

Email Subscribers & Newsletters < 3.5.0 - Cross-Site Scripting (XSS)

Description

Changelog states: "Missing santization in preview template"

Affects Plugins

Plugin icon
email-subscribers
Fixed in 3.5.0

References

CVE
CVE-2018-0602
URL
https://jvn.jp/en/jp/JVN16471686/index.html
URL
https://plugins.trac.wordpress.org/changeset/1876354/email-subscribers

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.1 (medium)

Miscellaneous

Submitter
Ryan
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
aac2bf15-73cb-4d31-8211-bf7bd175f4f7

Timeline

Publicly Published
2018-05-28 (about 7 years ago)
Added
2018-06-28 (about 7 years ago)
Last Updated
2020-08-07 (about 5 years ago)

Other

Published
Title
Published
2016-04-17
Title
FAQ WD < 1.0.17 - Cross-Site Scripting (XSS)
Published
2025-02-28
Title
TemplatesNext ToolKit <= 3.2.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Published
2025-01-16
Title
WP-Announcements <= 1.8 - Reflected Cross-Site Scripting
Published
2022-12-22
Title
Font Awesome < 4.3.2 - Contributor+ Stored XSS
Published
2024-04-05
Title
MailMunch – Grow your Email List < 3.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting