Description:
In LetterPress plugin <= 1.2.1 is vulnerable to Cookie Stealing Vulnerability. An attacker can able to steal the cookies by injecting the JavaScript code.

Exploit:
1. In LetterPress plugin navigate to Add Campaign and insert the code “” in HTML Campaign Message input field and click on Save Campaign.
2. View the campaign and monitor the requests & responses in 3rd party site (Ex: burpcollaborator)
3. The cookies values are passed in the GET parameter of 3rd party site.