CVE-2024-11683

Name of the Vulnerable Software and Affected Versions Newsletter Subscriptions plugin for WordPress versions prior to 2.1

Description The issue is related to Reflected Cross-Site Scripting via the token type parameter due to insufficient input sanitization and output escaping. This allows unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action, such as clicking on a link.

Recommendations For versions prior to 2.1, update to a version that includes the necessary security patches to address the insufficient input sanitization and output escaping issues related to the token type parameter. As a temporary workaround, consider restricting access to the token type parameter to minimize the risk of exploitation.