CVE-2022-1889

Summary

The Newsletter WordPress plugin before 7.4.6 does not escape and sanitise the preheader_text setting, which could allow high privilege users to perform Stored Cross-Site Scripting attacks when the unfilteredhtml is disallowed

Affected Software

VendorProductVersion RangeStatus
UnknownNewsletter – Send awesome emails from WordPress7.4.6 < 7.4.6affected

Weaknesses

  • CWE-79: CWE-79 Cross-site Scripting (XSS)

ADP Enrichment

CVE Program Container

Additional References

References