CVE-2024-1589

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2024-1589

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-1589.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-1589

Published

2024-04-08T05:15:07.763Z

Modified

2025-11-15T15:24:43.617053Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

The SendPress Newsletters WordPress plugin through 1.23.11.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

References

https://wpscan.com/vulnerability/5cfbbddd-d941-4665-be8b-a54454527571/

Affected packages

Git / github.com/brewlabs/sendpress

Affected ranges

Type: GIT
Repo: https://github.com/brewlabs/sendpress
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

6fcc4512569b5a8201cc9c15f1482d2f6873b81b

Affected versions

0.*

0.8.8

0.8.8.1

0.9.2

0.9.2-Beta

0.9.2.1

0.9.3

0.9.3.1

0.9.3.2

0.9.3.3

0.9.3.4

0.9.4

0.9.4.1

0.9.4.2

0.9.4.3

0.9.4.4

0.9.4.5

0.9.4.6

0.9.4.7

0.9.5

0.9.5.1

0.9.5.2

0.9.5.3

0.9.5.4

0.9.6

0.9.6.1

0.9.6.2

0.9.6.3

0.9.6.4

0.9.7

0.9.7.1

0.9.7.2

0.9.7.3

0.9.8

0.9.8.1

0.9.8.2

0.9.8.3

0.9.8.4

0.9.8.5

0.9.8.6

0.9.8.7

0.9.9

0.9.9.1

0.9.9.2

0.9.9.3

0.9.9.4

0.9.9.5

0.9.9.6

0.9.9.7

0.9.9.8

0.9.9.9

0.9.9.9.1

0.9.9.9.2

0.9.9.9.3

0.9.9.9.4

0.9.9.9.5

0.9.9.9.6

0.9.9.9.7

0.9.9.9.8

0.9.9.9.9

1.*

1.0

1.0.1

1.0.12.10

1.0.12.10.1

1.0.12.11

1.0.2

1.0.3

1.0.9

1.1

1.1.0.1

1.1.0.2

1.1.2.11

1.1.2.22

1.1.2.24

1.1.2.25

1.1.3.10

1.1.3.10.1

1.1.3.17

1.1.4.2

1.1.4.21

1.1.4.22

1.1.4.3

1.1.5.4

1.1.6.12

1.1.6.23

1.1.6.4

1.1.7.14

1.1.7.21

1.10.3.28

1.10.4.10

1.10.5.19

1.10.6.11

1.10.6.18

1.10.8.14

1.10.9.23

1.2

1.2.1

1.2.10.10

1.2.10.12

1.2.10.15

1.2.10.20

1.2.10.6

1.2.10.6.1

1.2.7.26

1.2.7.27

1.2.7.29

1.2.8.10

1.2.8.13

1.2.8.16

1.2.8.28

1.2.8.3

1.2.9.13

1.2.9.22

1.2.9.23

1.2.9.9

1.20.1.7

1.20.10.6

1.20.2.20

1.20.3.17

1.20.3.19

1.20.4.13

1.20.6.08

1.20.7.10

1.20.7.13

1.20.8.21

1.21.4.5

1.22.1.20

1.22.2.18

1.22.3.14

1.22.3.31

1.23.11.6

1.5

1.5.11.9

1.5.12.13

1.5.12.20

1.6.1.20

1.6.2.22

1.7

1.7.10.12

1.7.10.13

1.7.10.14

1.7.10.24

1.7.11.14

1.7.11.22

1.7.12.1

1.7.12.15

1.7.12.7

1.7.3.19

1.7.4.13

1.7.4.20

1.7.4.27

1.7.5.2

1.7.5.24

1.7.6.11

1.7.6.13

1.7.6.15

1.7.6.16

1.7.6.17

1.7.6.21

1.7.6.22

1.7.7.11

1.7.7.17

1.7.7.27

1.7.7.28

1.7.7.5

1.7.7.6

1.7.7.6.1

1.7.7.7

1.7.8.11

1.7.9.19

1.8.1.24

1.8.10.12

1.8.10.20

1.8.10.20.1

1.8.10.26

1.8.11.2

1.8.11.25

1.8.11.5

1.8.12.18

1.8.2.15

1.8.2.16

1.8.2.18

1.8.2.23

1.8.3.30

1.8.5.24

1.8.5.31

1.8.6.16

1.8.7.10

1.8.7.10.1

1.8.7.14

1.8.8.14

1.8.9.27

1.9.10.15

1.9.10.5

1.9.11.15

1.9.11.16

1.9.11.26

1.9.2.22

1.9.2.23

1.9.2.23.1

1.9.2.26

1.9.3.19

1.9.3.21

1.9.3.28

1.9.3.29

1.9.3.29.1

1.9.3.5

1.9.5.10

1.9.6.19

1.9.6.19.1

1.9.6.20

1.9.6.26

1.9.7.13

1.9.7.17

1.9.7.18

1.9.8.19

1.9.9.25

1.9.9.25.1

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-1589.json"