CVE-2023-41729

CVSS 3.1 Score 4.8 of 10 (medium)

Details

Published Oct 2, 2023

Updated: Oct 3, 2023

CWE ID 79

Summary

CVE-2023-41729 is a stored Cross-Site Scripting (XSS) vulnerability affecting version 1.22.3.31 of the SendPress Newsletters plugin for WordPress. This issue allows an attacker to inject malicious scripts into the admin area of a vulnerable website. Successful exploitation could allow the attacker to bypass access controls and gain administrative privileges, ultimately compromising the entire site. Websites using this plugin are urged to update to the latest version as soon as possible to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/sg3jo3
https://www.cve.org/CVERecord?id=CVE-2023-41729
https://nvd.nist.gov/vuln/detail/CVE-2023-41729

Back to Vulnerability Database

CVE-2023-41729

CVSS 3.1 Score 4.8 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations