CVE-2023-27922

Name of the Vulnerable Software and Affected Versions Newsletter versions prior to 7.6.9

Description The issue is a cross-site scripting vulnerability that allows a remote unauthenticated attacker to inject an arbitrary script. This can be exploited to conduct cross-site scripting attacks. The vulnerability exists due to inadequate protection of the web page structure.

Recommendations For versions prior to 7.6.9, update to version 7.6.9 or later to resolve the issue. As a temporary workaround, consider restricting access to the Newsletter plugin to minimize the risk of exploitation. Avoid using the plugin until the issue is resolved.