CVE-2019-20203

The Authorized Addresses feature in the Postie plugin 1.9.40 for WordPress allows remote attackers to publish posts by spoofing the From information of an email message...

CVE-2025-63020

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Wayne Allen Postie postie allows Stored XSS.This issue affects Postie: from n/a through = 1.9.73...

CVE-2025-63020

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Wayne Allen Postie postie allows Stored XSS.This issue affects Postie: from n/a through = 1.9.73...

CVE-2025-63020 WordPress Postie plugin <= 1.9.73 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Wayne Allen Postie postie allows Stored XSS.This issue affects Postie: from n/a through = 1.9.73...

CVE-2025-63020

CVE-2025-63020 is a stored cross-site scripting (XSS) vulnerability in the WordPress plugin Postie. The connected Wordfence report identifies an authenticated (Contributor+) path, affecting Postie up to version 1.9.73, with exploitation requiring a Contributor+ user. Technical details confirm the...

CVE-2025-63020 WordPress Postie plugin <= 1.9.73 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Wayne Allen Postie postie allows Stored XSS.This issue affects Postie: from n/a through = 1.9.73...

WordPress Postie plugin <= 1.9.73 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Jitlada in WordPress Plugin Postie versions = 1.9.73...

WordPress Postie Plugin Cross-Site Scripting Vulnerability

WordPress Postie Plugin is a plugin that is mainly used for publishing posts via email. WordPress Postie Plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied data, which can be exploited by an attacker...

EUVD-2019-10757

Malware in sbrugna...

EUVD-2019-10758

Malware in sbrugna...

EUVD-2012-2566

Malware in sbrugna...

CVE-2024-5200

The Postie WordPress plugin before 1.9.71 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

WordPress Postie plugin < 1.9.71 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Guido Iván García Duva in WordPress Plugin Postie versions 1.9.71...

CVE-2024-5200 Postie < 1.9.71 - Admin+ Stored XSS

The Postie WordPress plugin before 1.9.71 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-5200

CVE-2024-5200 – Postie WordPress plugin before 1.9.71 suffers from insufficient sanitization/escaping of settings, enabling stored XSS by high-privilege users (e.g., admin) even when unfiltered_html is disallowed (such as multisite) per CNVD/Red Hat/PatchStack entries. Affected product: Postie Pl...

PT-2025-39812

Name of the Vulnerable Software and Affected Versions Postie WordPress plugin versions prior to 1.9.71 Description The software does not properly sanitize and escape certain settings, potentially allowing users with high privileges, such as administrators, to carry out Stored Cross-Site Scripting...

CVE-2019-20204

The Postie plugin 1.9.40 for WordPress allows XSS, as demonstrated by a certain payload with jaVasCript:/ at the beginning and a crafted SVG element...

WordPress Plugin Postie 1.9.40 - Persistent Cross-Site Scripting

Exploit Title: WordPress Plugin Postie 1.9.40 - Persistent Cross-Site Scripting Google Dork: inurl:/wp-content/plugins/postie/readme.txt Date: 2020-01-15 Exploit Author: V1n1v131r4 Vendor Homepage: https://postieplugin.com/ Software Link: https://wordpress.org/plugins/postie/developers Version:...

WordPress Postie plugin cross-site scripting vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.Postie is one of the plugins used to support posting using email. A cross-site scripting vulnerability in the WordPress Postie plugin c...

WordPress Postie plugin <= 1.9.40 - Stored Cross-Site Scripting (XSS) and post submission spoofing vulnerabilities

Stored Cross-Site Scripting XSS and post submission spoofing vulnerabilities found by V1n1v131r4 in WordPress Postie plugin versions = 1.9.40. Solution 06.01.2020 - we were unable to find a patched version of this plugin...