First published: Tue Feb 04 2025(Updated: )
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SendPulse SendPulse Email Marketing Newsletter allows Stored XSS. This issue affects SendPulse Email Marketing Newsletter: from n/a through 2.1.5.
Credit: audit@patchstack.com
Affected Software | Affected Version | How to fix |
---|---|---|
SendPulse Email Marketing Newsletter | <=2.1.5 | |
SendPulse Email Marketing Newsletter | <=2.1.5 |
Update the WordPress SendPulse Email Marketing Newsletter wordpress plugin to the latest available version (at least 2.1.6).
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2025-22662 is classified as a stored Cross-Site Scripting (XSS) vulnerability.
To fix CVE-2025-22662, update the SendPulse Email Marketing Newsletter plugin to versions beyond 2.1.5.
CVE-2025-22662 affects SendPulse Email Marketing Newsletter versions up to and including 2.1.5.
CVE-2025-22662 is an Improper Neutralization of Input During Web Page Generation, leading to a Cross-Site Scripting (XSS) issue.
The vulnerable products include SendPulse Email Marketing Newsletter and its WordPress plugin, both up to version 2.1.5.