The POST SMTP Mailer WordPress plugin before 2.7.1 does not escape email message content before displaying it in the backend, allowing an unauthenticated attacker to perform XSS attacks against highly privileged users.
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/22fa478d-e42e-488d-9b4b-a8720dec7cee | Exploit Third Party Advisory |
https://wpscan.com/vulnerability/22fa478d-e42e-488d-9b4b-a8720dec7cee | Exploit Third Party Advisory |
Configurations
History
21 Nov 2024, 08:42
Type | Values Removed | Values Added |
---|---|---|
References | () https://wpscan.com/vulnerability/22fa478d-e42e-488d-9b4b-a8720dec7cee - Exploit, Third Party Advisory |
02 Dec 2023, 04:36
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-79 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.1 |
CPE | cpe:2.3:a:wpexperts:post_smtp_mailer:*:*:*:*:*:wordpress:*:* | |
References | () https://wpscan.com/vulnerability/22fa478d-e42e-488d-9b4b-a8720dec7cee - Exploit, Third Party Advisory |
27 Nov 2023, 19:03
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-11-27 17:15
Updated : 2024-11-21 08:42
NVD link : CVE-2023-5958
Mitre link : CVE-2023-5958
CVE.ORG link : CVE-2023-5958
JSON object : View
Products Affected
wpexperts
- post_smtp_mailer
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')