Vulnerabilities > Thenewsletterplugin

DATE | CVE | VULNERABILITY TITLE | RISK

2023-09-07 | CVE-2023-4772 | Unspecified vulnerability in Thenewsletterplugin Newsletter | 5.4
The Newsletter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'newsletter_form' shortcode in versions up to, and including, 7.8.9 due to insufficient input sanitization and output escaping on user-supplied attributes.
network, low complexity, thenewsletterplugin

2023-05-23 | CVE-2023-27922 | Cross-site Scripting vulnerability in Thenewsletterplugin Newsletter | 6.1
Cross-site scripting vulnerability in Newsletter versions prior to 7.6.9 allows a remote unauthenticated attacker to inject an arbitrary script.
network, low complexity, thenewsletterplugin, CWE-79

2022-06-20 | CVE-2022-1889 | Cross-site Scripting vulnerability in Thenewsletterplugin Newsletter | 3.5
The Newsletter WordPress plugin before 7.4.6 does not escape and sanitise the preheader_text setting, which could allow high privilege users to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed.

2022-06-13 | CVE-2022-1756 | Cross-site Scripting vulnerability in Thenewsletterplugin Newsletter | 4.3
The Newsletter WordPress plugin before 7.4.5 does not sanitize and escape the $_SERVER['REQUEST_URI'] before echoing it back in admin pages.

2021-01-01 | CVE-2020-35933 | Cross-site Scripting vulnerability in Thenewsletterplugin Newsletter | 6.5
A Reflected Authenticated Cross-Site Scripting (XSS) vulnerability in the Newsletter plugin before 6.8.2 for WordPress allows remote attackers to trick a victim into submitting a tnpc_render AJAX request containing either JavaScript in an options parameter, or a base64-encoded JSON string containing JavaScript in the encoded_options parameter.
network, low complexity, thenewsletterplugin, CWE-79