CVE-2022-1756

Name of the Vulnerable Software and Affected Versions Newsletter WordPress plugin versions prior to 7.4.5

Description The issue concerns a Reflected XSS vulnerability. It occurs because the $ SERVER['REQUEST URI'] is not properly sanitized and escaped before being echoed back in admin pages. Although modern browsers automatically URLEncode requests, older browsers like Internet Explorer 9 or below are still vulnerable to this issue.

Recommendations For versions prior to 7.4.5, update to version 7.4.5 or later to resolve the issue. As a temporary workaround, consider restricting access to admin pages in older browsers until the update is applied.