Newsletter Plugin Vulnerabilities Affect Over 300,000 Sites

On July 13, 2020, our Threat Intelligence team was alerted to a recently patched vulnerability in Newsletter, a WordPress plugin with over 300,000 installations. While investigating this vulnerability, we discovered two additional, more serious vulnerabilities, including a reflected Cross-Site Scripting (XSS) vulnerability and a PHP Object Injection vulnerability.

We reached out to the plugin’s author on July 15, 2020, and received a response the next day. After we fully disclosed the vulnerability on July 16, 2020, the plugin’s author released a patch the next day, on July 17, 2020.

A firewall rule to protect against the Reflected Cross-Site Scripting vulnerability was released
