Vulnerability Details CVE-2022-1756
The Newsletter WordPress plugin before 7.4.5 does not sanitize and escape the $_SERVER['REQUEST_URI'] before echoing it back in admin pages. Although this uses addslashes, and most modern browsers automatically URLEncode requests, this is still vulnerable to Reflected XSS in older browsers such as Internet Explorer 9 or below.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.032
EPSS Ranking 86.4%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
References
Products affected by CVE-2022-1756
-
cpe:2.3:a:thenewsletterplugin:newsletter:-
-
cpe:2.3:a:thenewsletterplugin:newsletter:2.4.6
-
cpe:2.3:a:thenewsletterplugin:newsletter:6.8.2
-
cpe:2.3:a:thenewsletterplugin:newsletter:7.0.0
-
cpe:2.3:a:thenewsletterplugin:newsletter:7.0.1
-
cpe:2.3:a:thenewsletterplugin:newsletter:7.0.2
-
cpe:2.3:a:thenewsletterplugin:newsletter:7.0.3
-
cpe:2.3:a:thenewsletterplugin:newsletter:7.0.4
-
cpe:2.3:a:thenewsletterplugin:newsletter:7.0.5
-
cpe:2.3:a:thenewsletterplugin:newsletter:7.0.6
-
cpe:2.3:a:thenewsletterplugin:newsletter:7.0.7
-
cpe:2.3:a:thenewsletterplugin:newsletter:7.0.8
-
cpe:2.3:a:thenewsletterplugin:newsletter:7.0.9
-
cpe:2.3:a:thenewsletterplugin:newsletter:7.1.0
-
cpe:2.3:a:thenewsletterplugin:newsletter:7.1.1
-
cpe:2.3:a:thenewsletterplugin:newsletter:7.1.2
-
cpe:2.3:a:thenewsletterplugin:newsletter:7.1.3
-
cpe:2.3:a:thenewsletterplugin:newsletter:7.1.4
-
cpe:2.3:a:thenewsletterplugin:newsletter:7.1.5
-
cpe:2.3:a:thenewsletterplugin:newsletter:7.1.6
-
cpe:2.3:a:thenewsletterplugin:newsletter:7.1.7
-
cpe:2.3:a:thenewsletterplugin:newsletter:7.1.8
-
cpe:2.3:a:thenewsletterplugin:newsletter:7.1.9
-
cpe:2.3:a:thenewsletterplugin:newsletter:7.2.0
-
cpe:2.3:a:thenewsletterplugin:newsletter:7.2.1
-
cpe:2.3:a:thenewsletterplugin:newsletter:7.2.2
-
cpe:2.3:a:thenewsletterplugin:newsletter:7.2.3
-
cpe:2.3:a:thenewsletterplugin:newsletter:7.2.4
-
cpe:2.3:a:thenewsletterplugin:newsletter:7.2.5
-
cpe:2.3:a:thenewsletterplugin:newsletter:7.2.6
-
cpe:2.3:a:thenewsletterplugin:newsletter:7.2.7
-
cpe:2.3:a:thenewsletterplugin:newsletter:7.2.8
-
cpe:2.3:a:thenewsletterplugin:newsletter:7.2.9
-
cpe:2.3:a:thenewsletterplugin:newsletter:7.3.0
-
cpe:2.3:a:thenewsletterplugin:newsletter:7.3.1
-
cpe:2.3:a:thenewsletterplugin:newsletter:7.3.2
-
cpe:2.3:a:thenewsletterplugin:newsletter:7.3.3
-
cpe:2.3:a:thenewsletterplugin:newsletter:7.3.4
-
cpe:2.3:a:thenewsletterplugin:newsletter:7.3.5
-
cpe:2.3:a:thenewsletterplugin:newsletter:7.3.6
-
cpe:2.3:a:thenewsletterplugin:newsletter:7.3.7
-
cpe:2.3:a:thenewsletterplugin:newsletter:7.3.8
-
cpe:2.3:a:thenewsletterplugin:newsletter:7.3.9
-
cpe:2.3:a:thenewsletterplugin:newsletter:7.4.0
-
cpe:2.3:a:thenewsletterplugin:newsletter:7.4.1
-
cpe:2.3:a:thenewsletterplugin:newsletter:7.4.2
-
cpe:2.3:a:thenewsletterplugin:newsletter:7.4.3
-
cpe:2.3:a:thenewsletterplugin:newsletter:7.4.4