Vulnerability Details : CVE-2022-1756

CVE Name: CVE-2022-1756: XSS vulnerability in Thenewsletterplugin Newsletter
Description: The Newsletter WordPress plugin before 7.4.5 does not sanitize and escape the $_SERVER['REQUEST_URI'] before echoing it back in admin pages. Although this uses addslashes, and most modern browsers automatically URLEncode requests, this is still vulnerable to Reflected XSS in older browsers such as Internet Explorer 9 or below.
Publish date: 2022-06-13T13:15Z
Last Update: 2022-06-22T19:44Z

CVSS Scores & Vulnerability Types

CVSS Score
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Vulnerability Type(s): XSS

Products Affected By CVE-2022-1756

# | Vendor | Product | Vulnerable Versions
1 | Thenewsletterplugin | Newsletter | 1

Detail of Versions Affected

# Product Type Vendor Product Version
1 Application Thenewsletterplugin Newsletter * Wordpress

References For CVE-2022-1756

Hyperlink Resource Exploit, Third Party Advisory