The POST SMTP Mailer WordPress plugin before 2.7.1 does not escape email message content before displaying it in the backend, allowing an unauthenticated attacker to perform XSS attacks against highly privileged users.
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/22fa478d-e42e-488d-9b4b-a8720dec7cee | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: WPScan
Published: 2023-11-27T16:22:03.963Z
Updated: 2023-11-27T16:22:03.963Z
Reserved: 2023-11-03T19:08:32.554Z
Link: CVE-2023-5958
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-11-27T17:15:09.623
Modified: 2023-12-02T04:36:54.543
Link: CVE-2023-5958
JSON object: View
Redhat Information
No data.
CWE