ThreatPress

WordPress Vulnerabilities Database

Back

WordPress Newsletter Lite plugin <= 4.6.16 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability

Product
Newsletters
Description
Authenticated Reflected Cross-Site Scripting (XSS) vulnerability found in WordPress Newsletter Lite plugin (versions <= 4.6.16).
Solution
Update the WordPress Newsletter Lite plugin to the latest available version (at least 4.6.18).
Classification
Type XSS (Cross Site Scripting)
OWASP Top 10 A3: Cross Site Scripting (XSS)
References
Plugin changelog
CVE
Name CVE-N/A
Versions
Affected In <= 4.6.16
Fixed In 4.6.18
Disclosure date
2019-07-11
Submitter
ThreatPress