0Xl0V3R

**Name of the Vulnerable Software and Affected Versions** Newsletter WordPress plugin versions prior to 7.4.5 **Description** The issue concerns a Reflected XSS vulnerability. It occurs because the `$ SERVER['REQUEST URI']` is not properly sanitized and escaped before being echoed back in admin pages. Although modern browsers automatically URLEncode requests, older browsers like Internet Explorer 9 or below are still vulnerable to this issue. **Recommendations** For versions prior to 7.4.5, update to version 7.4.5 or later to resolve the issue. As a temporary workaround, consider restricting access to admin pages in older browsers until the update is applied.