Lucene search
WPScanCVE-2024-3076HistoryApr 26, 2024 - 2:15 p.m.
CVE-2024-3076
2024-04-2614:15:07
WPScan
web.nvd.nist.gov
36
cve-2024-3076
mm-email2image
wordpress
csrf
sanitisation
escaping
stored xss payloads
nvd
The MM-email2image WordPress plugin through 0.2.5 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack
Affected configurations
Node
mm-email2imageRange≤0.2.5wordpress
| Vendor | Product | Version | CPE |
|---|---|---|---|
| * | mm-email2image | * | cpe:2.3:a:*:mm-email2image:*:*:*:*:*:wordpress:*:* |
CNA Affected
[
{
"vendor": "Unknown",
"product": "MM-email2image",
"versions": [
{
"status": "affected",
"versionType": "semver",
"version": "0",
"lessThanOrEqual": "0.2.5"
}
],
"defaultStatus": "affected"
}
]Related
wpvulndb
wpvulndb
MM-email2image <= 0.2.5 - Stored XSS via CSRF
2024-04-05 00:00:00
nvd
nvd
CVE-2024-3076
2024-04-26 14:15:07
vulnrichment
vulnrichment
CVE-2024-3076 MM-email2image <= 0.2.5 - Stored XSS via CSRF
2024-04-26 13:23:08
cvelist
cvelist
CVE-2024-3076 MM-email2image <= 0.2.5 - Stored XSS via CSRF
2024-04-26 13:23:08
wpexploit
wpexploit
MM-email2image <= 0.2.5 - Stored XSS via CSRF
2024-04-05 00:00:00
wordfence
wordfence