CVE-2025-13515 | Nouri.sh Newsletter Plugin up to 1.0.1.3 on WordPress $_SERVER[‘PHP_SELF’] cross site scripting

December 5, 2025 Yanac

A vulnerability was found in Nouri.sh Newsletter Plugin up to 1.0.1.3 on WordPress. It has been declared as problematic. Impacted is an unknown function. Executing manipulation of the argument $_SERVER[‘PHP_SELF’] can lead to cross site scripting.

This vulnerability appears as CVE-2025-13515. The attack may be performed from remote. There is no available exploit.VulDB Recent EntriesRead More