Faizan Shaik

**Name of the Vulnerable Software and Affected Versions** MailerPress – Email Marketing, Newsletter, Email Automation & WooCommerce Emails versions prior to 2.0.5 **Description** Insufficient input sanitization and output escaping allow authenticated attackers with author-level access or higher to perform Stored Cross-Site Scripting. This is achieved by injecting arbitrary web scripts into the Campaign HTML Content field, which then execute when a user accesses the injected page within the admin dashboard preview. Stored Cross-Site Scripting is a flaw where malicious scripts are permanently stored on the target server. **Recommendations** Update to a version later than 2.0.4.