Newsletter < 7.6.9 – Reflected XSS | CVE 2023-27922

Affects Plugins

newsletter

Fixed in 7.6.9

References

CVE

CVE-2023-27922

URL

https://jvn.jp/en/jp/JVN59341308/

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

CVSS

7.1 (high)

Miscellaneous

Original Researcher

Gen Sato of Mitsui Bussan Secure Directions, Inc

Verified

Yes

WPVDB ID

eb6ff6f0-60fe-4345-b443-97fd4800418c

Timeline

Publicly Published

2023-03-27 (about 2 years ago)

Added

2023-05-11 (about 2 years ago)

Last Updated

2023-05-11 (about 2 years ago)

Other

Published

Title

Published

2024-03-23

Title

Shortcodes Ultimate < 7.0.5 - Contributor+ Stored XSS

Published

2025-10-10

Title

Open Currency Converter <= 1.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

Published

2022-09-02

Title

Meet My Team <= 2.1 - Contributor+ Stored Cross-Site Scripting

Published

2025-12-05

Title

Yet Another WebClap for WordPress <= 0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

Published

2025-06-13

Title

YITH WooCommerce Wishlist < 4.6.0 - Contributor+ Stored XSS via id Parameter