| CVE | Not available |
|---|---|
| CVSS | Medium (4.3) |
| Publicly Published | March 30, 2015 |
| Last Updated | January 22, 2024 |
| Researcher |
James Hooker
|
The Newsletter plugin is susceptible to an Open Redirect vulnerability. This issue is due to the fact user input it taken, and trusted, without validation. This user input is used when tracking link clicks, via the ‘newsletter/statistics/link.php’ script. User input is Base64 encoded, and split on the ‘;’ character, the third column of which can be manipulated in order to control where the user is redirected to.
References| Software Type | Plugin |
|---|---|
| Software Slug | newsletter (view on wordpress.org) |
| Patched? | Yes |
| Affected Version |
|
| Patched Version |
|
Copyright 2012-2026 Defiant Inc.
License: Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy.
License Detail.