WordPress Plugin Vulnerabilities

WP-EMail <= 2.67.2 - Cross-Site Scripting (XSS)

Description

If the Plugin is activated then the email submission form can be found on the /email/ directory on individual Post/Pages.

For example:

http://example.com/2017/05/31/hello-world/email/

Affects Plugins

Plugin icon
wp-email
Fixed in 2.67.3

References

URL
https://github.com/lesterchan/wp-email/commit/315945083b88cedc1bda9c66cd8f23647fd3bd71

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
Yes
WPVDB ID
ffd743e0-fb24-4f3a-b690-c9148e1f5623

Timeline

Publicly Published
2016-07-07 (about 7 years ago)
Added
2016-11-14 (about 7 years ago)
Last Updated
2019-11-01 (about 4 years ago)

Other

Published
Title
Published
2023-08-21
Title
Min Max Control < 4.6 - Reflected XSS
Published
2021-08-09
Title
SliceWP < 1.0.46 - Reflected Cross-Site Scripting (XSS)
Published
2019-07-27
Title
Animate It < 2.3.6 - XSS
Published
2023-11-07
Title
Seo By 10Web <= 1.2.9 - Reflected XSS
Published
2019-05-20
Title
FV Flowplayer Video Player < 7.3.14.727 - Unauthenticated Stored XSS