Cross-Site Scripting Vulnerability in Newsletter Manager Plugin by WordPress
CVE-2012-6627

Currently unrated

Key Information:

Vendor: Wordpress
Status: Newsletter Manager
Vendor: CVE Published:; 16 January 2014

Summary

A Cross-Site Scripting (XSS) vulnerability exists in the Newsletter Manager plugin, specifically within the admin/test_mail.php file. This issue allows remote attackers to inject arbitrary web scripts or HTML via the 'id' parameter. Exploitation of this vulnerability could lead to unauthorized actions on behalf of users of the affected site, making it crucial for website administrators to ensure they are using updated and secure versions of the plugin.

References

http://packetstormsecurity.org/files/112694/WordPress-New...

x_refsource_MISC

http://secunia.com/advisories/49152

third-party-advisoryx_refsource_SECUNIA

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Jan 16, 2014