3 matches found
CVE-2025-2325
The WP Test Email plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Email Logs in all versions up to, and including, 1.1.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages...
CVE-2023-0219 FluentSMTP < 2.2.3 - Stored XSS via Email Logs
The FluentSMTP WordPress plugin before 2.2.3 does not sanitize or escape email content, making it vulnerable to stored cross-site scripting attacks XSS when an administrator views the email logs. This exploit requires other plugins to enable users to send emails with unfiltered HTML...
PT-2023-16092 · WordPress · Fluentsmtp
Name of the Vulnerable Software and Affected Versions: FluentSMTP WordPress plugin versions prior to 2.2.3 Description: The issue arises from the plugin's failure to sanitize or escape email content, making it susceptible to stored cross-site scripting attacks XSS when an administrator views the...