- Description
- The Newsletters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the logging functionality in all versions up to, and including, 4.9.9.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
- Source
- security@wordfence.com
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Primary
- Base score
- 7.2
- Impact score
- 2.7
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
- Severity
- HIGH
- security@wordfence.com
- CWE-79
- Hype score
- Not currently trending
🚨 CVE-2025-2009 🔴 HIGH (7.2) 🏢 contrid - Newsletters 🏗️ * 🔗 https://t.co/KcvBcYtVkg 🔗 https://t.co/xIGZOAyEAV 🔗 https://t.co/iiQsCjMnxE #CyberCron #VulnAlert #InfoSec https://t.co/k3XsJqSZkA
@cybercronai
26 Mar 2025
CVE-2025-2009 - WordPress - HIGH 🚨 🗓️ Date published 2025-03-26 09:15:16 UTC #WordPress #CyberSecurity #InfoSec #Vulnerability #TechNews https://t.co/HIoZGE9oTV
@vulns_space
26 Mar 2025
CVE-2025-2009 The Newsletters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the logging functionality in all versions up to, and including, 4.9.9.7 due to ins… https://t.co/TpioZ6P7Bc
@CVEnew
26 Mar 2025