Report
A Reflected Authenticated Cross-Site Scripting (XSS) vulnerability in the Newsletter plugin before 6.8.2 for WordPress allows remote attackers to trick a victim into submitting a tnpc_render AJAX request containing either JavaScript in an options parameter, or a base64-encoded JSON string containing JavaScript in the encoded_options parameter.
Score:6.5
Severity:Medium
Version: 6.8.1
There is a patch available in v6.8.2 and we strongly recommend you update to this version as soon as possible.
