CVE-2024-3076

The MM-email2image WordPress plugin through 0.2.5 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...

CVE-2024-3075

The MM-email2image WordPress plugin through 0.2.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

PT-2024-23612 · WordPress · Mm-Email2Image

Name of the Vulnerable Software and Affected Versions: MM-email2image WordPress plugin versions 0.2.5 and earlier Description: The issue is related to the lack of CSRF checks in some places and missing sanitization as well as escaping in the MM-email2image WordPress plugin. This could allow...

WordPress plugin MM-email2image 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

WordPress MM-email2image plugin <= 0.2.5 - Contributor+ Stored XSS vulnerability

Contributor+ Stored XSS vulnerability discovered by Bob Matyas in WordPress Plugin MM-email2image versions = 0.2.5...