3 matches found
CVE-2023-3721
The WP-EMail WordPress plugin before 2.69.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2023-3721 WP-EMail < 2.69.1 - Admin+ Stored Cross-Site Scripting
The WP-EMail WordPress plugin before 2.69.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2023-3721
The CVE-2023-3721 entry concerns the WP-EMail WordPress plugin prior to version 2.69.1, where certain settings are not properly sanitized/escaped. This can enable Stored Cross-Site Scripting by high-privilege users (e.g., admins), even if unfiltered_html is disallowed (such as in multisite setups...