- WordPress Plugin Email Subscribers & Newsletters is prone to multiple vulnerabilities, including cross-site scripting and SQL injection, because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit vulnerabilities in the underlying database. WordPress Plugin Email Subscribers & Newsletters version 2.9 is vulnerable; prior versions may also be affected.
- Update to plugin version 2.9.1 or the latest version.
- WordPress Plugin BuddyDrive Cross-Site Scripting (1.2.2)
- WordPress Plugin WP-PostRatings Cross-Site Scripting (1.50)
- WordPress Plugin WordPress Backup to Dropbox Cross-Site Scripting (4.0)
- WordPress Plugin WP Crontrol Cross-Site Scripting (1.2.3)
- Drupal Core 5.x Cross-Site Request Forgery (5.0 - 5.5)