Simple Popup Newsletter <= 1.4.7 Reflected Cross-Site Scripting
CVE-2021-34658

6.1MEDIUM

Key Information:

Vendor
Wordpress
Vendor
CVE Published:
16 August 2021

Summary

The Simple Popup Newsletter WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to the use of $_SERVER['PHP_SELF'] in the ~/simple-popup-newsletter.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.4.7.

Affected Version(s)

Simple Popup Newsletter 1.4.7

References

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

p7e4
.
🍪 This website uses cookies, like every other website on the internet 😕 By using our website, you consent to the use of cookies.