2 matches found
CVE-2023-5109
The CVE-2023-5109 entry concerns the WP Mailto Links – Protect Email Addresses WordPress plugin. Affected versions up to 3.1.3 are vulnerable to Stored XSS via the wpml_mailto shortcode due to insufficient input sanitization and output escaping on user-supplied attributes. This allows authenticat...
CVE-2023-5109 WP Mailto Links – Protect Email Addresses <= 3.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The WP Mailto Links – Protect Email Addresses plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'wpmlmailto' shortcode in versions up to, and including, 3.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...