PT-2024-15198 · WordPress · The Email Encoder – Protect Email Addresses/Phone Numbers

Name of the Vulnerable Software and Affected Versions: The Email Encoder – Protect Email Addresses and Phone Numbers plugin for WordPress versions up to, and including, 2.1.9 Description: The issue is related to Stored Cross-Site Scripting via the plugin's eeb mailto shortcode due to insufficient...

WordPress Email Encoder Bundle Plugin <= 2.1.9 is vulnerable to Cross Site Scripting (XSS)

Software Email Encoder Bundle Type Plugin Vulnerable versions = 2.1.9 Fixed in 2.1.10 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-7070 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID bbe9fb4a4a45 Credits Webbernaut Require...

CVE-2023-48765

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Till Krüss Email Address Encoder allows Stored XSS.This issue affects Email Address Encoder: from n/a through 1.0.22...

Email Encoder < 2.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Description The Email Encoder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'eebmailto' shortcode in versions up to, and including, 2.1.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

Email Encoder Bundle < 2.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode

Description The Email Encoder – Protect Email Addresses and Phone Numbers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 2.1.8 due to insufficient input sanitization and output escaping on user supplied attribute...

CVE-2023-47821

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Jannis Thuemmig Email Encoder plugin = 2.1.8 versions...

CVE-2023-47821

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Jannis Thuemmig Email Encoder plugin = 2.1.8 versions...

Cross site scripting

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Jannis Thuemmig Email Encoder plugin = 2.1.8 versions...

CVE-2023-47821

CVE-2023-47821 affects the WordPress Email Encoder Bundle plugin (

CVE-2023-47821 WordPress Email Encoder Bundle Plugin <= 2.1.8 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Jannis Thuemmig Email Encoder plugin = 2.1.8 versions...

WordPress Plugin Email Encoder - Protect Email Addresses and Phone Numbers Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. WordPress Plugin Email Encoder - Protect Email Addresses...

WordPress Email Encoder Bundle Plugin <= 2.1.8 is vulnerable to Cross Site Scripting (XSS)

Software Email Encoder Bundle Type Plugin Vulnerable versions = 2.1.8 Fixed in 2.1.9 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-47821 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 19415fa8bf01 Credits Ngô Thiên An ancorn from VNPT-VCI...

WordPress Email Encoder Bundle Plugin <= 2.1.7 is vulnerable to Cross Site Scripting (XSS)

Software Email Encoder Bundle Type Plugin Vulnerable versions = 2.1.7 Fixed in 2.1.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-4599 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 48a0517c2804 Credits István Márton...

CVE-2021-24599

The Email Encoder – Protect Email Addresses WordPress plugin before 2.1.2 has an endpoint that requires no authentication and will render a user supplied value in the HTML response without escaping or sanitizing the data...

CVE-2021-24599 Email Encoder < 2.1.2 - Reflected Cross Site Scripting

The Email Encoder – Protect Email Addresses WordPress plugin before 2.1.2 has an endpoint that requires no authentication and will render a user supplied value in the HTML response without escaping or sanitizing the data...

CVE-2021-24599

The CVE-2021-24599 entry concerns the WordPress plugin Email Encoder – Protect Email Addresses, affected in versions before 2.1.2. The vulnerability is an unauthenticated endpoint that renders a user-supplied value in the HTML response without escaping or sanitizing, leading to a reflected cross-...

WordPress 插件跨站脚本漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports setting up personal blog sites on PHP and MySQL servers.WordPress plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists in the...

Email Encoder < 2.1.2 - Reflected Cross Site Scripting

The plugin has an endpoint that requires no authentication and will render a user supplied value in the HTML response without escaping or sanitizing the data. PoC The vulnerable function is nonce protected, the nonce can be found in the site's HTML source by searching for the javascript variable...

Email Encoder < 2.1.2 - Reflected Cross Site Scripting

The plugin has an endpoint that requires no authentication and will render a user supplied value in the HTML response without escaping or sanitizing the data. The vulnerable function is nonce protected, the nonce can be found in the site's HTML source by searching for the javascript variable...

WordPress Email Encoder Bundle 1.4.3 Cross Site Scripting

================================================================================ WordPress Email Encoder Bundle 1.4.3 - Stored Cross Site Scripting ================================================================================ Author: Ehsan Hosseini Vendor Homepage:...