Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for Newsletter – Send awesome emails from WordPress by Unknown

    CVE-2022-1889 (GCVE-0-2022-1889)

    Vulnerability from nvd – Published: 2022-06-20 10:26 – Updated: 2024-08-03 00:17
    VLAI
    Title
    Newsletter < 7.4.6 - Admin+ Stored Cross-Site Scripting
    Summary
    The Newsletter WordPress plugin before 7.4.6 does not escape and sanitise the preheader_text setting, which could allow high privilege users to perform Stored Cross-Site Scripting attacks when the unfilteredhtml is disallowed
    Severity
    No CVSS data available.
    CWE
    • CWE-79 - Cross-site Scripting (XSS)
    Assigner
    References
    Impacted products
    Credits
    PHYO WIN SHEIN
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T00:17:00.922Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wpscan.com/vulnerability/ee3832e2-ce40-4063-a23e-44c7f7f5f46a"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Newsletter \u2013 Send awesome emails from WordPress",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThan": "7.4.6",
                  "status": "affected",
                  "version": "7.4.6",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "PHYO WIN SHEIN"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Newsletter WordPress plugin before 7.4.6 does not escape and sanitise the preheader_text setting, which could allow high privilege users to perform Stored Cross-Site Scripting attacks when the unfilteredhtml is disallowed"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Cross-site Scripting (XSS)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-06-20T10:26:13.000Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wpscan.com/vulnerability/ee3832e2-ce40-4063-a23e-44c7f7f5f46a"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Newsletter \u003c 7.4.6 - Admin+ Stored Cross-Site Scripting",
          "x_generator": "WPScan CVE Generator",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "contact@wpscan.com",
              "ID": "CVE-2022-1889",
              "STATE": "PUBLIC",
              "TITLE": "Newsletter \u003c 7.4.6 - Admin+ Stored Cross-Site Scripting"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Newsletter \u2013 Send awesome emails from WordPress",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "7.4.6",
                                "version_value": "7.4.6"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Unknown"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "PHYO WIN SHEIN"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Newsletter WordPress plugin before 7.4.6 does not escape and sanitise the preheader_text setting, which could allow high privilege users to perform Stored Cross-Site Scripting attacks when the unfilteredhtml is disallowed"
                }
              ]
            },
            "generator": "WPScan CVE Generator",
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-79 Cross-site Scripting (XSS)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wpscan.com/vulnerability/ee3832e2-ce40-4063-a23e-44c7f7f5f46a",
                  "refsource": "MISC",
                  "url": "https://wpscan.com/vulnerability/ee3832e2-ce40-4063-a23e-44c7f7f5f46a"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2022-1889",
        "datePublished": "2022-06-20T10:26:13.000Z",
        "dateReserved": "2022-05-25T00:00:00.000Z",
        "dateUpdated": "2024-08-03T00:17:00.922Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-1756 (GCVE-0-2022-1756)

    Vulnerability from nvd – Published: 2022-06-13 12:42 – Updated: 2024-08-03 00:16
    VLAI
    Title
    Newsletter < 7.4.5 - Reflected Cross-Site Scripting
    Summary
    The Newsletter WordPress plugin before 7.4.5 does not sanitize and escape the $_SERVER['REQUEST_URI'] before echoing it back in admin pages. Although this uses addslashes, and most modern browsers automatically URLEncode requests, this is still vulnerable to Reflected XSS in older browsers such as Internet Explorer 9 or below.
    Severity
    No CVSS data available.
    CWE
    • CWE-79 - Cross-site Scripting (XSS)
    Assigner
    References
    Impacted products
    Credits
    PHYO WIN SHEIN
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T00:16:59.701Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wpscan.com/vulnerability/6ad407fe-db2b-41fb-834b-dd8c4f62b072"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Newsletter \u2013 Send awesome emails from WordPress",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThan": "7.4.5",
                  "status": "affected",
                  "version": "7.4.5",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "PHYO WIN SHEIN"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Newsletter WordPress plugin before 7.4.5 does not sanitize and escape the $_SERVER[\u0027REQUEST_URI\u0027] before echoing it back in admin pages. Although this uses addslashes, and most modern browsers automatically URLEncode requests, this is still vulnerable to Reflected XSS in older browsers such as Internet Explorer 9 or below."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Cross-site Scripting (XSS)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-06-13T12:42:33.000Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wpscan.com/vulnerability/6ad407fe-db2b-41fb-834b-dd8c4f62b072"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Newsletter \u003c 7.4.5 - Reflected Cross-Site Scripting",
          "x_generator": "WPScan CVE Generator",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "contact@wpscan.com",
              "ID": "CVE-2022-1756",
              "STATE": "PUBLIC",
              "TITLE": "Newsletter \u003c 7.4.5 - Reflected Cross-Site Scripting"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Newsletter \u2013 Send awesome emails from WordPress",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "7.4.5",
                                "version_value": "7.4.5"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Unknown"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "PHYO WIN SHEIN"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Newsletter WordPress plugin before 7.4.5 does not sanitize and escape the $_SERVER[\u0027REQUEST_URI\u0027] before echoing it back in admin pages. Although this uses addslashes, and most modern browsers automatically URLEncode requests, this is still vulnerable to Reflected XSS in older browsers such as Internet Explorer 9 or below."
                }
              ]
            },
            "generator": "WPScan CVE Generator",
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-79 Cross-site Scripting (XSS)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wpscan.com/vulnerability/6ad407fe-db2b-41fb-834b-dd8c4f62b072",
                  "refsource": "MISC",
                  "url": "https://wpscan.com/vulnerability/6ad407fe-db2b-41fb-834b-dd8c4f62b072"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2022-1756",
        "datePublished": "2022-06-13T12:42:33.000Z",
        "dateReserved": "2022-05-17T00:00:00.000Z",
        "dateUpdated": "2024-08-03T00:16:59.701Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-1889 (GCVE-0-2022-1889)

    Vulnerability from cvelistv5 – Published: 2022-06-20 10:26 – Updated: 2024-08-03 00:17
    VLAI
    Title
    Newsletter < 7.4.6 - Admin+ Stored Cross-Site Scripting
    Summary
    The Newsletter WordPress plugin before 7.4.6 does not escape and sanitise the preheader_text setting, which could allow high privilege users to perform Stored Cross-Site Scripting attacks when the unfilteredhtml is disallowed
    Severity
    No CVSS data available.
    CWE
    • CWE-79 - Cross-site Scripting (XSS)
    Assigner
    References
    Impacted products
    Credits
    PHYO WIN SHEIN
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T00:17:00.922Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wpscan.com/vulnerability/ee3832e2-ce40-4063-a23e-44c7f7f5f46a"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Newsletter \u2013 Send awesome emails from WordPress",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThan": "7.4.6",
                  "status": "affected",
                  "version": "7.4.6",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "PHYO WIN SHEIN"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Newsletter WordPress plugin before 7.4.6 does not escape and sanitise the preheader_text setting, which could allow high privilege users to perform Stored Cross-Site Scripting attacks when the unfilteredhtml is disallowed"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Cross-site Scripting (XSS)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-06-20T10:26:13.000Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wpscan.com/vulnerability/ee3832e2-ce40-4063-a23e-44c7f7f5f46a"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Newsletter \u003c 7.4.6 - Admin+ Stored Cross-Site Scripting",
          "x_generator": "WPScan CVE Generator",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "contact@wpscan.com",
              "ID": "CVE-2022-1889",
              "STATE": "PUBLIC",
              "TITLE": "Newsletter \u003c 7.4.6 - Admin+ Stored Cross-Site Scripting"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Newsletter \u2013 Send awesome emails from WordPress",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "7.4.6",
                                "version_value": "7.4.6"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Unknown"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "PHYO WIN SHEIN"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Newsletter WordPress plugin before 7.4.6 does not escape and sanitise the preheader_text setting, which could allow high privilege users to perform Stored Cross-Site Scripting attacks when the unfilteredhtml is disallowed"
                }
              ]
            },
            "generator": "WPScan CVE Generator",
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-79 Cross-site Scripting (XSS)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wpscan.com/vulnerability/ee3832e2-ce40-4063-a23e-44c7f7f5f46a",
                  "refsource": "MISC",
                  "url": "https://wpscan.com/vulnerability/ee3832e2-ce40-4063-a23e-44c7f7f5f46a"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2022-1889",
        "datePublished": "2022-06-20T10:26:13.000Z",
        "dateReserved": "2022-05-25T00:00:00.000Z",
        "dateUpdated": "2024-08-03T00:17:00.922Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-1756 (GCVE-0-2022-1756)

    Vulnerability from cvelistv5 – Published: 2022-06-13 12:42 – Updated: 2024-08-03 00:16
    VLAI
    Title
    Newsletter < 7.4.5 - Reflected Cross-Site Scripting
    Summary
    The Newsletter WordPress plugin before 7.4.5 does not sanitize and escape the $_SERVER['REQUEST_URI'] before echoing it back in admin pages. Although this uses addslashes, and most modern browsers automatically URLEncode requests, this is still vulnerable to Reflected XSS in older browsers such as Internet Explorer 9 or below.
    Severity
    No CVSS data available.
    CWE
    • CWE-79 - Cross-site Scripting (XSS)
    Assigner
    References
    Impacted products
    Credits
    PHYO WIN SHEIN
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T00:16:59.701Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wpscan.com/vulnerability/6ad407fe-db2b-41fb-834b-dd8c4f62b072"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Newsletter \u2013 Send awesome emails from WordPress",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThan": "7.4.5",
                  "status": "affected",
                  "version": "7.4.5",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "PHYO WIN SHEIN"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Newsletter WordPress plugin before 7.4.5 does not sanitize and escape the $_SERVER[\u0027REQUEST_URI\u0027] before echoing it back in admin pages. Although this uses addslashes, and most modern browsers automatically URLEncode requests, this is still vulnerable to Reflected XSS in older browsers such as Internet Explorer 9 or below."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Cross-site Scripting (XSS)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-06-13T12:42:33.000Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wpscan.com/vulnerability/6ad407fe-db2b-41fb-834b-dd8c4f62b072"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Newsletter \u003c 7.4.5 - Reflected Cross-Site Scripting",
          "x_generator": "WPScan CVE Generator",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "contact@wpscan.com",
              "ID": "CVE-2022-1756",
              "STATE": "PUBLIC",
              "TITLE": "Newsletter \u003c 7.4.5 - Reflected Cross-Site Scripting"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Newsletter \u2013 Send awesome emails from WordPress",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "7.4.5",
                                "version_value": "7.4.5"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Unknown"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "PHYO WIN SHEIN"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Newsletter WordPress plugin before 7.4.5 does not sanitize and escape the $_SERVER[\u0027REQUEST_URI\u0027] before echoing it back in admin pages. Although this uses addslashes, and most modern browsers automatically URLEncode requests, this is still vulnerable to Reflected XSS in older browsers such as Internet Explorer 9 or below."
                }
              ]
            },
            "generator": "WPScan CVE Generator",
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-79 Cross-site Scripting (XSS)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wpscan.com/vulnerability/6ad407fe-db2b-41fb-834b-dd8c4f62b072",
                  "refsource": "MISC",
                  "url": "https://wpscan.com/vulnerability/6ad407fe-db2b-41fb-834b-dd8c4f62b072"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2022-1756",
        "datePublished": "2022-06-13T12:42:33.000Z",
        "dateReserved": "2022-05-17T00:00:00.000Z",
        "dateUpdated": "2024-08-03T00:16:59.701Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }