A Reflected Authenticated Cross-Site Scripting (XSS) vulnerability in the Newsletter plugin before 6.8.2 for WordPress allows remote attackers to trick a victim into submitting a tnpc_render AJAX request containing either JavaScript in an options parameter, or a base64-encoded JSON string containing JavaScript in the encoded_options parameter.
References
Link | Resource |
---|---|
https://www.wordfence.com/blog/2020/08/newsletter-plugin-vulnerabilities-affect-over-300000-sites/ | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2021-01-01T01:24:35
Updated: 2021-01-01T01:24:35
Reserved: 2021-01-01T00:00:00
Link: CVE-2020-35933
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-01-01T02:15:13.237
Modified: 2023-05-18T15:42:47.343
Link: CVE-2020-35933
JSON object: View
Redhat Information
No data.
CWE