CVE-2018-0602 – Email Subscribers & Newsletters <= 3.4.12 - Cross-Site Scripting

https://notcve.org/view.php?id=CVE-2018-0602

Cross-site scripting vulnerability in Email Subscribers & Newsletters versions prior to 3.5.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Una vulnerabilidad de tipo Cross-Site Scripting (XSS) en versiones anteriores a la 3.5.0 de Email Subscribers Newsletters permite a atacantes remotos inyectar scripts web o HTML arbitrarios utilizando vectores no especificados. • http://jvn.jp/en/jp/JVN16471686/index.html https://wordpress.org/plugins/email-subscribers/#developers https://wpvulndb.com/vulnerabilities/9101 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •