Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in the Newsletter Manager plugin before 1.0.2 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) xyz_em_campName to admin/create_campaign.php or (2) admin/edit_campaign.php, (3) xyz_em_email parameter to admin/edit_email.php, (4) xyz_em_exportbatchSize parameter to import_export.php, or (5) pagination limit in the Newsletter Manager options.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Xyzscripts | Newsletter Manager | <= 1.0.2 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.org/files/112694/WordPress-Newsletter-Manager-1.0-CroExploit
- http://secunia.com/advisories/49183Vendor Advisory
- https://plugins.trac.wordpress.org/changeset/533904ExploitPatch
- http://packetstormsecurity.org/files/112694/WordPress-Newsletter-Manager-1.0-CroExploit
- http://secunia.com/advisories/49183Vendor Advisory
- https://plugins.trac.wordpress.org/changeset/533904ExploitPatch
FAQ
What is CVE-2012-6628?
CVE-2012-6628 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Multiple cross-site scripting (XSS) vulnerabilities in the Newsletter Manager plugin before 1.0.2 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) xyz_em_campNam...
How severe is CVE-2012-6628?
CVE-2012-6628 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-6628?
Check the references section above for vendor advisories and patch information. Affected products include: Xyzscripts Newsletter Manager.