CVE-2025-47547

📊 6.5 MEDIUM⚡ 0.0%🎯 0 exploits

📅 Published May 7, 2025

📋 Status: Analyzed

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SendPulse SendPulse Email Marketing Newsletter allows Stored XSS. This issue affects SendPulse Email Marketing Newsletter: from n/a through 2.1.6.

CVSS v3.1 • [email protected]

🎯 Affected Products & Systems

1 product configurations affected

Filter by type:

Type	Vendor	Product	Version Range	Status	CPE String
📱App	sendpulse	sendpulse email marketing newsletter	≤ 2.1.6 Target SW: wordpress	Vulnerable	cpe:2.3:a:sendpulse:sendpulse_email_marketing_newsletter::::::wordpress::*

📱

sendpulse / sendpulse email marketing newsletter

Application

Vulnerable

Version: ≤ 2.1.6

Target SW: wordpress

CPE:

cpe:2.3:a:sendpulse:sendpulse_email_marketing_newsletter:*:*:*:*:*:wordpress:*:*

Metrics

6.5 MEDIUMCVSS v3.1[email protected]

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

Attack Vector:

NETWORK

Complexity:

LOW

Privileges:

LOW

User Interaction:

REQUIRED

Confidentiality:

LOW

Integrity:

LOW

Availability:

LOW

Scope:

CHANGED

🔍 Technical Details

Analysis Status

Analyzed

CVSS Details

6.5 (MEDIUM)v3.1

Source: [email protected]

EPSS Details

0.0% (Minimal)5.0th percentile

Last updated: Oct 31, 2025

Exploitation probability within 30 days

Published Date

May 7, 2025 (5 months ago)

Last Modified

May 12, 2025 (5 months ago)

Security Weaknesses1

CWE-79

References2

NVDadvisory