CVE-2022-1889
Published 2022-06-20
CVE-2022-1889: The Newsletter WordPress plugin before 7.4.6 does not escape and sanitise the preheader_text setting, which could allow high privilege users to perform Stored…
Priority P4 · 18 · medium · 4.8 · CVSS 3.1
Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
EPSS: 0.55% (41.9th percentile)
The Newsletter WordPress plugin before 7.4.6 does not escape and sanitise the preheader_text setting, which could allow high privilege users to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed.
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| thenewsletterplugin | newsletter | < 7.4.6 | 7.4.6 |
CVSS provenance
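| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 4.8 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N |
| nvd | v2.0 | 3.5 | LOW | AV:N/AC:M/Au:S/C:N/I:P/A:N |
| cisa | | 9.8 | CRITICAL | |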
GHSA
GHSA-qf3v-9qqm-2rm9: The Newsletter WordPress plugin before 7
ghsa_unreviewed·2022-06-21
CVE-2022-1889 [MEDIUM] CWE-79 GHSA-qf3v-9qqm-2rm9: The Newsletter WordPress plugin before 7
The Newsletter WordPress plugin before 7.4.6 does not escape and sanitise the preheader_text setting, which could allow high privilege users to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed.
CISA
Microsoft XML Core Services Memory Corruption Vulnerability
cisa·2022-06-08·CVSS 8.8
CVE-2012-1889 [HIGH] CWE-119 Microsoft XML Core Services Memory Corruption Vulnerability
Vulnerability: Microsoft XML Core Services Memory Corruption Vulnerability
Affected: Microsoft XML Core Services
Microsoft XML Core Services contains a memory corruption vulnerability which could allow for remote code execution.
Required Action: Apply updates per vendor instructions.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2012-1889
Remediation Due Date: 2022-06-22
CISA
Microsoft Forefront TMG Remote Code Execution Vulnerability
cisa·2022-03-03·CVSS 9.8
CVE-2011-1889 [CRITICAL] CWE-119 Microsoft Forefront TMG Remote Code Execution Vulnerability
Vulnerability: Microsoft Forefront TMG Remote Code Execution Vulnerability
Affected: Microsoft Forefront Threat Management Gateway (TMG)
A remote code execution vulnerability exists in the Forefront Threat Management Gateway (TMG) Firewall Client Winsock provider that could allow code execution in the security context of the client application.
Required Action: Apply updates per vendor instructions.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2011-1889
Remediation Due Date: 2022-03-24
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.