exploitDog

CVE-2023-5958

Опубликовано: 27 нояб. 2023

Источник: nvd

CVSS3: 6.1

EPSS Низкий

Описание

The POST SMTP Mailer WordPress plugin before 2.7.1 does not escape email message content before displaying it in the backend, allowing an unauthenticated attacker to perform XSS attacks against highly privileged users.

Ссылки

https://wpscan.com/vulnerability/22fa478d-e42e-488d-9b4b-a8720dec7cee
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/22fa478d-e42e-488d-9b4b-a8720dec7cee
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:wpexperts:post_smtp:*:*:*:*:*:wordpress:*:*

Версия до 2.7.1 (исключая)

EPSS

Процентиль: 73%

0.00779

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-2r79-jc6j-hh65

CVSS3: 6.1

github

около 2 лет назад

The POST SMTP Mailer WordPress plugin before 2.7.1 does not escape email message content before displaying it in the backend, allowing an unauthenticated attacker to perform XSS attacks against highly privileged users.

EPSS

Процентиль: 73%

0.00779

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79