23 Feb

Vulnerability Details: Cross-Site Request Forgery (CSRF)/Cross-Site Scripting (XSS) Vulnerability in Simple Newsletter Plugin

Two weeks ago a user, yuyang998, on the wordpress.org Support Forum disclosed that the plugin Simple Newsletter Plugin has either a persistent or reflected cross-site scripting (XSS) vulnerability. On the thread for one of their others disclosures, we asked if they would be disclosing the details of them somewhere and didn’t get an answer in their response, so we will go ahead and ...

To read the rest of this post you need to have an active account with our service.

For existing customers, please log in to your account to view the rest of the post.

If you are not currently a customer, when you sign up now you can try the service for half off (there are a lot of other reason that you will want to sign up beyond access to posts like this one).

If you are a WordPress plugin security researcher please contact us to get free access to all of our Vulnerability Details posts.

Leave a Reply

Your email address will not be published. Required fields are marked *