SendPress Newsletter < 1.20.7.13 – Authenticated Stored Cross-Site Scripting (XSS) | Plugin Vulnerabilities

Description

Multiple Stored Cross-Site Scripting within SendPress Newsletter Settings due to improper input sanitation. The vulnerable fields are:
- From Name
- From Email
- Where to send Test Email

Proof of Concept

https://www.dropbox.com/s/slnc6oj1ryssvuz/sendpress-xss.mp4?dl=0

Payloads
- v < 1.20.7.10: test"><script>alert(1337)</script>/**//
- v < 1.20.7.13: " autofocus=autofocus onfocus=alert(/XSS/) a=

Affects Plugins

Fixed in 1.20.7.13

References

URL

https://github.com/brewlabs/sendpress/issues/157

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

Chevon Phillip

Submitter

Chevon Phillip

Submitter website

https://chevonphillip.com

Submitter twitter

https://twitter.com/chevonphillip

Verified

Yes

WPVDB ID

b2b14627-e91f-4346-b1bc-3bfbdb77c552

Timeline

Publicly Published

2020-07-13 (about 5 years ago)

Added

2020-07-13 (about 5 years ago)

Last Updated

2020-07-14 (about 5 years ago)

Other

Published

Title

Published

2025-06-06

Title

LTL Freight Quotes – Freightview Edition <= 1.0.11, LTL Freight Quotes – Daylight Edition <=2.2.6 and LTL Freight Quotes – Day & Ross Edition <= 2.1.10 - Unauthenticated Stored Cross-Site Scripting via `expiry_date` Parameter

Published

2025-04-01

Title

Limit Max IPs Per User <= 1.5 - Reflected Cross-Site Scripting

Published

2023-01-27

Title

VikBooking Hotel Booking Engine & PMS < 1.5.12 - Admin+ Stored XSS

Published

2021-04-01

Title

Erident Custom Login and Dashboard < 3.5.9 - Authenticated Stored Cross-Site Scripting (XSS)

Published

2024-08-16

Title

White Label CMS < 2.7.5 - Reflected Cross-Site Scripting