Cross-Site Scripting Vulnerability in eelv-newsletter Plugin for WordPress
CVE-2017-18522

6.1MEDIUM

Key Information:

Vendor

Wordpress

Vendor
CVE Published:
20 August 2019

What is CVE-2017-18522?

The eelv-newsletter plugin for WordPress prior to version 4.6.1 contains a vulnerability that allows an attacker to exploit cross-site scripting (XSS) in the address book functionality. This flaw could lead to unauthorized script execution in the context of the user's session, potentially compromising sensitive information and enabling malicious activities within the site.

References

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2017-18522 : Cross-Site Scripting Vulnerability in eelv-newsletter Plugin for WordPress