Lucene search

CVE-2023-3158

🗓️ 12 Jul 2023 05:10:15Reported by WordfenceType

The Mail Control plugin for WordPress is vulnerable to Stored XSS via email subjec

5 of 5AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 8
Prion	Cross site scripting	12 Jul 202305:15	–	prion
WPVulnDB	Mail Control <= 0.2.8 - Unauthenticated Stored Cross-Site Scripting via Email Subject	10 Jul 202300:00	–	wpvulndb
Patchstack	WordPress Mail Control Plugin <= 0.3.1 is vulnerable to Cross Site Scripting (XSS)	11 Jul 202300:00	–	patchstack
NVD	CVE-2023-3158	12 Jul 202305:15	–	nvd
Vulnrichment	CVE-2023-3158	12 Jul 202304:38	–	vulnrichment
Cvelist	CVE-2023-3158	12 Jul 202304:38	–	cvelist
Wordfence Blog	“Never Assume Anything” – Unauthenticated Stored Cross-Site Scripting Vulnerability Exposed in 14 Email Logging Plugins	18 Jul 202316:40	–	wordfence
Wordfence Blog	Wordfence Intelligence Weekly WordPress Vulnerability Report (July 10, 2023 to July 16, 2023)	20 Jul 202313:29	–	wordfence

Nvd

Vulners

Node

instareza mail_controlRange≤0.2.8wordpress

[
  {
    "vendor": "rahalaboulfeth",
    "product": "Mail Control – Email Customizer, SMTP Deliverability, logging, open and click Tracking",
    "versions": [
      {
        "version": "*",
        "status": "affected",
        "lessThanOrEqual": "0.2.8",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Source	Link
wordfence	www.wordfence.com/threat-intel/vulnerabilities/id/77537eb8-1c84-4702-aba1-727b0de1c3e1
plugins	www.plugins.trac.wordpress.org/browser/mail-control/trunk/includes/admin.php

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

12 Jul 2023 05:15Current

5.9Medium risk

Vulners AI Score5.9

CVSS36.1 - 7.2

EPSS0.00492

SSVC