RSS   Vulnerabilities for 'Newsletter'   RSS

2022-06-20
 
CVE-2022-1889

CWE-79
 

 
The Newsletter WordPress plugin before 7.4.6 does not escape and sanitise the preheader_text setting, which could allow high privilege users to perform Stored Cross-Site Scripting attacks when the unfilteredhtml is disallowed

 


Copyright 2024, cxsecurity.com

 

Back to Top