WordPress Plugin Vulnerabilities

Newsletter < 7.6.9 - Reflected XSS

Description

The plugin does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as administrators

Proof of Concept

Make a logged in admin open https://example.com/wp-admin/admin.php?page=newsletter_system_status&a"><script>alert(/XSS/)</script>

Affects Plugins

Plugin icon
newsletter
Fixed in 7.6.9

References

CVE
CVE-2023-27922
URL
https://jvn.jp/en/jp/JVN59341308/

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
7.1 (high)

Miscellaneous

Original Researcher
Gen Sato of Mitsui Bussan Secure Directions, Inc
Verified
Yes
WPVDB ID
eb6ff6f0-60fe-4345-b443-97fd4800418c

Timeline

Publicly Published
2023-03-27 (about 1 years ago)
Added
2023-05-11 (about 1 years ago)
Last Updated
2023-05-11 (about 1 years ago)

Other

Published
Title
Published
2021-12-28
Title
WP-DownloadManager < 1.68.7 - Reflected Cross-Site Scripting
Published
2022-03-28
Title
Modern Events Calendar Lite < 6.4.7 - Reflected Cross-Site Scripting
Published
2022-09-06
Title
WP Socializer < 7.3 - Admin+ Stored Cross-Site Scripting
Published
2020-07-08
Title
Monalisa < 2.1.3 - Unauthenticated Reflected Cross-Site Scripting (XSS)
Published
2024-03-15
Title
WP Responsive Tabs horizontal vertical and accordion Tabs < 1.1.18 - Authenticated (Contributor+) Stored Cross-Site Scripting