CVE-2024-3076

The MM-email2image WordPress plugin through 0.2.5 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...

CVE-2024-3075

The MM-email2image WordPress plugin through 0.2.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVE-2024-3076 MM-email2image <= 0.2.5 - Stored XSS via CSRF

The MM-email2image WordPress plugin through 0.2.5 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...

CVE-2024-3076 MM-email2image <= 0.2.5 - Stored XSS via CSRF

The MM-email2image WordPress plugin through 0.2.5 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...

CVE-2024-3076

CVE-2024-3076 affects the MM-email2image WordPress plugin (versions up to 0.2.5). Public Red Hat/NVD entries describe lack of CSRF checks in some areas and missing sanitisation/escaping, enabling a logged-in admin to store XSS payloads via CSRF. Public sources corroborate Stored XSS via CSRF in M...

CVE-2024-3075 MM-email2image <= 0.2.5 - Contributor+ Stored XSS

The MM-email2image WordPress plugin through 0.2.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

PT-2024-23612 · WordPress · Mm-Email2Image

Name of the Vulnerable Software and Affected Versions: MM-email2image WordPress plugin versions 0.2.5 and earlier Description: The issue is related to the lack of CSRF checks in some places and missing sanitization as well as escaping in the MM-email2image WordPress plugin. This could allow...

WordPress plugin MM-email2image 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

WordPress plugin MM-email2image 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

WordPress MM-email2image plugin <= 0.2.5 - Stored XSS via CSRF vulnerability

Stored XSS via CSRF vulnerability discovered by Bob Matyas in WordPress Plugin MM-email2image versions = 0.2.5...

WordPress MM-email2image plugin <= 0.2.5 - Contributor+ Stored XSS vulnerability

Contributor+ Stored XSS vulnerability discovered by Bob Matyas in WordPress Plugin MM-email2image versions = 0.2.5...

WordPress MM-email2image Plugin <= 0.2.5 is vulnerable to Cross Site Scripting (XSS)

Software MM-email2image Type Plugin Vulnerable versions = 0.2.5 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3075 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID d669837268d4 Credits Bob Matyas Required privile...

MM-email2image <= 0.2.5 - Stored XSS via CSRF

Description The plugin does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack PoC Make a logged in admin open a file containing the HTML:...

MM-email2image <= 0.2.5 - Stored XSS via CSRF

Description The plugin does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack Make a logged in admin open a file containing the HTML: alert2' /...

CVE-2013-0257

The email2image module 6.x-1.x and 6.x-2.x for Drupal does not properly restrict access to nodes, which allows remote attackers to read images of user email addresses and email fields...

Code injection

The email2image module 6.x-1.x and 6.x-2.x for Drupal does not properly restrict access to nodes, which allows remote attackers to read images of user email addresses and email fields...

CVE-2013-0257

The email2image module 6.x-1.x and 6.x-2.x for Drupal does not properly restrict access to nodes, which allows remote attackers to read images of user email addresses and email fields...

CVE-2013-0257

CVE-2013-0257 affects the Drupal email2image module (6.x-1.x and 6.x-2.x). The vulnerability arises from improper access checks, allowing remote attackers to read images of user email addresses and email fields by bypassing node access restrictions. Impact is disclosure of email-related image dat...

SA-CONTRIB-2013-011 - email2image - Access Bypass - Unsupported

This module creates images of user email addresses and email fields. The module doesn't sufficiently check node access restrictions when displaying such fields. This vulnerability is mitigated by the fact that it only impacts sites using node access. CVE identifiers issued CVE-2013-0257 Versions...