Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A Reflected Authenticated Cross-Site Scripting (XSS) vulnerability in the Newsletter plugin before 6.8.2 for WordPress allows remote attackers to trick a victim into submitting a tnpc_render AJAX request containing either JavaScript in an options parameter, or a base64-encoded JSON string containing JavaScript in the encoded_options parameter.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
Vulnerability Type
N/A
Vulnerability Title
WordPress 跨站脚本漏洞
Vulnerability Description
WordPress是WordPress(Wordpress)基金会的一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。 WordPress Newsletter plugin before 6.8.2 存在跨站脚本漏洞,该漏洞允许远程攻击者可利用该漏洞欺骗受害者提交一个tnpc渲染AJAX请求,该请求要么包含JavaScript的选项参数,要么包含base64编码的JSON字符串的选项参数。
CVSS Information
N/A
Vulnerability Type
N/A