Lucene search
K

5 matches found

nvd
nvd
added 2023/07/12 5:15 a.m.14 views

CVE-2023-3122

The GD Mail Queue plugin for WordPress is vulnerable to Stored Cross-Site Scripting via email contents in versions up to, and including, 3.9.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages...

7.2CVSS6.2AI score0.00466EPSS
Exploits0References2
cve
cve
added 2023/07/12 4:38 a.m.132 views

CVE-2023-3122

CVE-2023-3122 affects the GD Mail Queue plugin for WordPress. A stored XSS flaw arises from insufficient input sanitization and output escaping in email contents for versions up to 3.9.3, allowing unauthenticated attackers to inject scripts that execute when users load injected pages. Public disc...

7.2CVSS5.8AI score0.00466EPSS
Exploits0References2Affected Software1
vulnrichment
vulnrichment
added 2023/07/12 4:38 a.m.9 views

CVE-2023-3122 GD Mail Queue <= 3.9.3 - Unauthenticated Stored Cross-Site Scripting via Email

The GD Mail Queue plugin for WordPress is vulnerable to Stored Cross-Site Scripting via email contents in versions up to, and including, 3.9.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages...

7.2CVSS6.9AI score0.00466EPSS
Exploits0References2
cvelist
cvelist
added 2023/07/12 4:38 a.m.25 views

CVE-2023-3122 GD Mail Queue <= 3.9.3 - Unauthenticated Stored Cross-Site Scripting via Email

The GD Mail Queue plugin for WordPress is vulnerable to Stored Cross-Site Scripting via email contents in versions up to, and including, 3.9.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages...

7.2CVSS6.4AI score0.00466EPSS
Exploits0References2
patchstack
patchstack
added 2023/06/12 12:0 a.m.18 views

WordPress GD Mail Queue Plugin <= 3.9.3 is vulnerable to Cross Site Scripting (XSS)

Software GD Mail Queue Type Plugin Vulnerable versions = 3.9.3 Fixed in 4.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-3122 Patch priority Low CVSS severity Low 7.1 Developer Claim ownership PSID 1e928c6cc270 Credits Alex Thomas Required privile...

7.2CVSS5.7AI score0.00466EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder