Posts Tagged ‘Knews Multilingual Newsletters’

WordPress Vulnerability

XSS in WordPress

Vulnerability: CSRF attack in WordPress Knews Multilingual Newsletters

Severity: Low
Patch: Yes
Number of vulnerabilities: 1

Attack vector: Remote
Impact: Cross Site Scripting

Affected products: WordPress Knews Multilingual Newsletters Plugin 1.x

Affected versions: Knews WordPress Multilingual Newsletters 1.2.5, possibly earlier.


The vulnerability allows malicious people to conduct XSS attacks.

The vulnerability is caused by the lack of authentication of HTTP requests when certain actions are performed. A remote user can perform a CSRF attack and change the e-mail address.