CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-1889 – Newsletter < 7.4.6 - Admin+ Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2022-1889
The Newsletter WordPress plugin before 7.4.6 does not escape and sanitise the preheader_text setting, which could allow high privilege users to perform Stored Cross-Site Scripting attacks when the unfilteredhtml is disallowed El plugin Newsletter de WordPress versiones anteriores a 7.4.6, no escapa y sanea la configuración preheader_text, lo que podría permitir a usuarios muy privilegiados llevar a cabo ataques de tipo Cross-Site Scripting Almacenado cuando el unfilteredhtml no está permitido The Newsletter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the preheader_text value in versions up to, and including, 7.4.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrative level permissions and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. • https://wpscan.com/vulnerability/ee3832e2-ce40-4063-a23e-44c7f7f5f46a • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2022-1756 – Newsletter < 7.4.5 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2022-1756
The Newsletter WordPress plugin before 7.4.5 does not sanitize and escape the $_SERVER['REQUEST_URI'] before echoing it back in admin pages. Although this uses addslashes, and most modern browsers automatically URLEncode requests, this is still vulnerable to Reflected XSS in older browsers such as Internet Explorer 9 or below. El plugin Newsletter de WordPress versiones anteriores a 7.4.5, no sanea y escapa el $_SERVER["REQUEST_URI"] antes de devolverlo en las páginas de administración. Aunque esto usa addslashes, y la mayoría de los navegadores modernos automáticamente URLEncode peticiones, esto sigue siendo vulnerable a un ataque de tipo XSS Reflejado en los navegadores más antiguos como Internet Explorer 9 o anteriores • https://wpscan.com/vulnerability/6ad407fe-db2b-41fb-834b-dd8c4f62b072 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-38302
https://notcve.org/view.php?id=CVE-2021-38302
The Newsletter extension through 4.0.0 for TYPO3 allows SQL Injection. La extensión Newsletter versiones hasta 4.0.0 para TYPO3, permite una inyección SQL. • https://typo3.org/help/security-advisories https://typo3.org/security/advisory/typo3-ext-sa-2021-014 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2020-35933 – Newsletter <= 6.8.1 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2020-35933
A Reflected Authenticated Cross-Site Scripting (XSS) vulnerability in the Newsletter plugin before 6.8.2 for WordPress allows remote attackers to trick a victim into submitting a tnpc_render AJAX request containing either JavaScript in an options parameter, or a base64-encoded JSON string containing JavaScript in the encoded_options parameter. Una vulnerabilidad de tipo Cross-Site Scripting (XSS) Autenticado Reflejado en el plugin Newsletter versiones anteriores a 6.8.2 para WordPress permite a atacantes remotos engañar a una víctima para enviar una petición AJAX de tnpc_render que contenga JavaScript en un parámetro de opciones o una cadena JSON codificada en base64 que contenga JavaScript en el parámetro encoded_options. • https://www.wordfence.com/blog/2020/08/newsletter-plugin-vulnerabilities-affect-over-300000-sites • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-35932 – Newsletter <= 6.8.1 - Authenticated PHP Object Injection
https://notcve.org/view.php?id=CVE-2020-35932
Insecure Deserialization in the Newsletter plugin before 6.8.2 for WordPress allows authenticated remote attackers with minimal privileges (such as subscribers) to use the tpnc_render AJAX action to inject arbitrary PHP objects via the options[inline_edits] parameter. NOTE: exploitability depends on PHP objects that might be present with certain other plugins or themes. Una Deserialización No Segura en el plugin Newsletter versiones anteriores a 6.8.2 para WordPress, permite a atacantes remotos autenticados con privilegios mínimos (tales como suscriptores) usar la acción AJAX de tpnc_render para inyectar objetos PHP arbitrarios por medio del parámetro options[inline_edits]. NOTA: la explotabilidad depende de los objetos PHP que pueden estar presentes con otros plugins o temas. • https://www.wordfence.com/blog/2020/08/newsletter-plugin-vulnerabilities-affect-over-300000-sites • CWE-502: Deserialization of Untrusted Data •