Vulnerability Details: CVE-2022-1756


CVE Name: CVE-2022-1756: XSS vulnerability in Thenewsletterplugin Newsletter
Description: The Newsletter WordPress plugin before 7.4.5 does not sanitize and escape the $_SERVER['REQUEST_URI'] before echoing it back in admin pages. Although this uses addslashes, and most modern browsers automatically URLEncode requests, this is still vulnerable to Reflected XSS in older browsers such as Internet Explorer 9 or below.
Publish date: 2022-06-13T13:15Z
Last Update: 2022-06-22T19:44Z

CVSS Scores & Vulnerability Types


CVSS Score
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: CHANGED
Vulnerability Type(s): XSS
CWE ID: 79

Products Affected By CVE-2022-1756


# | Vendor | Product | Vulnerable Versions
1 | Thenewsletterplugin | Newsletter | 1

Detail of Versions Affected


# | Product Type | Vendor | Product | Version
1 | Application | Thenewsletterplugin | Newsletter | * Wordpress

References For CVE-2022-1756


Hyperlink | Resource
https://wpscan.com/vulnerability/6ad407fe-db2b-41fb-834b-dd8c4f62b072 | Exploit, Third Party Advisory