All the vulnerabilites related to Unknown - Newsletter – Send awesome emails from WordPress
cve-2022-1889
Vulnerability from cvelistv5
Published
2022-06-20 10:26
Modified
2024-08-03 00:17
Severity ?
EPSS score ?
Summary
Newsletter < 7.4.6 - Admin+ Stored Cross-Site Scripting
References
| ▼ | URL | Tags |
|---|---|---|
| https://wpscan.com/vulnerability/ee3832e2-ce40-4063-a23e-44c7f7f5f46a | x_refsource_MISC |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Unknown | Newsletter – Send awesome emails from WordPress |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:17:00.922Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/ee3832e2-ce40-4063-a23e-44c7f7f5f46a"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Newsletter \u2013 Send awesome emails from WordPress",
"vendor": "Unknown",
"versions": [
{
"lessThan": "7.4.6",
"status": "affected",
"version": "7.4.6",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "PHYO WIN SHEIN"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Newsletter WordPress plugin before 7.4.6 does not escape and sanitise the preheader_text setting, which could allow high privilege users to perform Stored Cross-Site Scripting attacks when the unfilteredhtml is disallowed"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-20T10:26:13",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/ee3832e2-ce40-4063-a23e-44c7f7f5f46a"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Newsletter \u003c 7.4.6 - Admin+ Stored Cross-Site Scripting",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2022-1889",
"STATE": "PUBLIC",
"TITLE": "Newsletter \u003c 7.4.6 - Admin+ Stored Cross-Site Scripting"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Newsletter \u2013 Send awesome emails from WordPress",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "7.4.6",
"version_value": "7.4.6"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "PHYO WIN SHEIN"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Newsletter WordPress plugin before 7.4.6 does not escape and sanitise the preheader_text setting, which could allow high privilege users to perform Stored Cross-Site Scripting attacks when the unfilteredhtml is disallowed"
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/ee3832e2-ce40-4063-a23e-44c7f7f5f46a",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/ee3832e2-ce40-4063-a23e-44c7f7f5f46a"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-1889",
"datePublished": "2022-06-20T10:26:13",
"dateReserved": "2022-05-25T00:00:00",
"dateUpdated": "2024-08-03T00:17:00.922Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-1756
Vulnerability from cvelistv5
Published
2022-06-13 12:42
Modified
2024-08-03 00:16
Severity ?
EPSS score ?
Summary
Newsletter < 7.4.5 - Reflected Cross-Site Scripting
References
| ▼ | URL | Tags |
|---|---|---|
| https://wpscan.com/vulnerability/6ad407fe-db2b-41fb-834b-dd8c4f62b072 | x_refsource_MISC |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Unknown | Newsletter – Send awesome emails from WordPress |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:16:59.701Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/6ad407fe-db2b-41fb-834b-dd8c4f62b072"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Newsletter \u2013 Send awesome emails from WordPress",
"vendor": "Unknown",
"versions": [
{
"lessThan": "7.4.5",
"status": "affected",
"version": "7.4.5",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "PHYO WIN SHEIN"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Newsletter WordPress plugin before 7.4.5 does not sanitize and escape the $_SERVER[\u0027REQUEST_URI\u0027] before echoing it back in admin pages. Although this uses addslashes, and most modern browsers automatically URLEncode requests, this is still vulnerable to Reflected XSS in older browsers such as Internet Explorer 9 or below."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-13T12:42:33",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/6ad407fe-db2b-41fb-834b-dd8c4f62b072"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Newsletter \u003c 7.4.5 - Reflected Cross-Site Scripting",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2022-1756",
"STATE": "PUBLIC",
"TITLE": "Newsletter \u003c 7.4.5 - Reflected Cross-Site Scripting"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Newsletter \u2013 Send awesome emails from WordPress",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "7.4.5",
"version_value": "7.4.5"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "PHYO WIN SHEIN"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Newsletter WordPress plugin before 7.4.5 does not sanitize and escape the $_SERVER[\u0027REQUEST_URI\u0027] before echoing it back in admin pages. Although this uses addslashes, and most modern browsers automatically URLEncode requests, this is still vulnerable to Reflected XSS in older browsers such as Internet Explorer 9 or below."
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/6ad407fe-db2b-41fb-834b-dd8c4f62b072",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/6ad407fe-db2b-41fb-834b-dd8c4f62b072"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-1756",
"datePublished": "2022-06-13T12:42:33",
"dateReserved": "2022-05-17T00:00:00",
"dateUpdated": "2024-08-03T00:16:59.701Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}