{"id":"CVE-2024-1588","details":"The SendPress Newsletters WordPress plugin through 1.23.11.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)","modified":"2026-04-09T09:54:35.532714Z","published":"2024-04-08T05:15:07.710Z","references":[{"type":"EVIDENCE","url":"https://wpscan.com/vulnerability/2772c921-d977-4150-b207-ae5ba5e2a6db/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/brewlabs/sendpress","events":[{"introduced":"0"},{"last_affected":"6fcc4512569b5a8201cc9c15f1482d2f6873b81b"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.23.11.6"}]}}],"versions":["0.8.8","0.8.8.1","0.9.2","0.9.2-Beta","0.9.2.1","0.9.3","0.9.3.1","0.9.3.2","0.9.3.3","0.9.3.4","0.9.4","0.9.4.2","0.9.4.3","0.9.4.5","0.9.4.6","0.9.4.7","0.9.5","0.9.5.1","0.9.5.2","0.9.6","0.9.6.1","0.9.6.2","0.9.6.3","0.9.6.4","0.9.7.1","0.9.7.2","0.9.7.3","0.9.8","0.9.8.1","0.9.8.2","0.9.8.3","0.9.8.4","0.9.8.5","0.9.8.6","0.9.8.7","0.9.9","0.9.9.1","0.9.9.2","0.9.9.3","0.9.9.4","0.9.9.5","0.9.9.6","0.9.9.7","0.9.9.8","0.9.9.9","0.9.9.9.1","0.9.9.9.2","0.9.9.9.3","0.9.9.9.4","0.9.9.9.5","0.9.9.9.6","0.9.9.9.7","0.9.9.9.8","0.9.9.9.9","1.0","1.0.2","1.0.3","1.0.9","1.1.2.11","1.1.2.22","1.1.2.24","1.1.3.10","1.1.3.10.1","1.1.4.2","1.1.4.21","1.1.4.22","1.1.4.3","1.1.5.4","1.1.7.14","1.1.7.21","1.10.3.28","1.10.4.10","1.10.5.19","1.10.6.11","1.10.6.18","1.10.8.14","1.10.9.23","1.2","1.2.1","1.2.10.10","1.2.10.12","1.2.10.6","1.2.10.6.1","1.2.7.26","1.2.7.27","1.2.7.29","1.2.8.10","1.2.8.13","1.2.8.16","1.2.8.28","1.2.8.3","1.2.9.13","1.2.9.9","1.20.1.7","1.20.10.6","1.20.2.20","1.20.3.17","1.20.3.19","1.20.4.13","1.20.6.08","1.20.7.10","1.20.7.13","1.20.8.21","1.21.4.5","1.22.1.20","1.22.2.18","1.22.3.14","1.22.3.31","1.23.11.6","1.5","1.5.11.9","1.5.12.13","1.5.12.20","1.6.1.20","1.6.2.22","1.7","1.7.10.12","1.7.10.13","1.7.11.14","1.7.11.22","1.7.12.1","1.7.12.15","1.7.12.7","1.7.3.19","1.7.4.13","1.7.4.20","1.7.4.27","1.7.5.2","1.7.5.24","1.7.9.19","1.8.10.26","1.8.11.2","1.8.11.25","1.8.11.5","1.8.12.18","1.8.5.24","1.8.5.31","1.8.6.16","1.8.7.10","1.8.7.10.1","1.8.8.14","1.8.9.27","1.9.10.15","1.9.10.5","1.9.11.15","1.9.11.16","1.9.11.26","1.9.2.22","1.9.2.23","1.9.2.23.1","1.9.2.26","1.9.3.19","1.9.3.21","1.9.3.28","1.9.3.29","1.9.3.29.1","1.9.3.5","1.9.5.10","1.9.6.19.1","1.9.6.20","1.9.6.26","1.9.7.13","1.9.7.17"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-1588.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H"}]}