CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 2023/07/12 5:15 a.m.•16 views

CVE-2023-3082

The Post SMTP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via email contents in versions up to, and including, 2.5.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...

7.2CVSS6.2AI score0.00991EPSS

NVD•added 2023/07/12 5:15 a.m.•9 views

CVE-2023-3080

The WP Mail Catcher plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an email subject in versions up to, and including, 2.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...

7.2CVSS6.3AI score0.01447EPSS

NVD•added 2023/07/12 5:15 a.m.•8 views

CVE-2023-3081

The WP Mail Logging plugin for WordPress is vulnerable to Stored Cross-Site Scripting via email contents in versions up to, and including, 1.11.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pag...

7.2CVSS6.3AI score0.01339EPSS

Prion•added 2023/07/12 5:15 a.m.•12 views

Cross site scripting

The Mail Queue plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an email subject in versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages tha...

5.8CVSS5.8AI score0.00411EPSS

Prion•added 2023/07/12 5:15 a.m.•18 views

Cross site scripting

The FluentSMTP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an email subject in versions up to, and including, 2.2.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages...

5.8CVSS5.8AI score0.00916EPSS

Exploits0References3Affected Software1

Prion•added 2023/07/12 5:15 a.m.•18 views

Cross site scripting

The GD Mail Queue plugin for WordPress is vulnerable to Stored Cross-Site Scripting via email contents in versions up to, and including, 3.9.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages...

5.8CVSS5.8AI score0.00991EPSS

Prion•added 2023/07/12 5:15 a.m.•17 views

Cross site scripting

The Mailtree Log Mail plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an email subject in versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...

5.8CVSS5.8AI score0.00991EPSS

Prion•added 2023/07/12 5:15 a.m.•26 views

Cross site scripting

5.8CVSS6.2AI score0.00991EPSS

Prion•added 2023/07/12 5:15 a.m.•13 views

Cross site scripting

The WP Reroute Email plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an email subject in versions up to, and including, 1.4.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...

5.8CVSS5.8AI score0.00991EPSS

Prion•added 2023/07/12 5:15 a.m.•11 views

Cross site scripting

The About Me 3000 widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 2.2.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permission...

4.3CVSS4.7AI score0.00146EPSS

Prion•added 2023/07/12 5:15 a.m.•18 views

Cross site scripting

5.8CVSS6.2AI score0.01283EPSS

Vulnrichment•added 2023/07/12 4:38 a.m.•10 views

CVE-2023-3087

7.2CVSS6.3AI score0.00916EPSS

Cvelist•added 2023/07/12 4:38 a.m.•17 views

CVE-2023-3166 Lana Email Logger <= 1.0.2 - Unauthenticated Stored Cross-Site Scripting via Email Subject

The Lana Email Logger plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an email subject in versions up to, and including, Lana Email Logger due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

Cvelist•added 2023/07/12 4:38 a.m.•15 views

CVE-2023-3081 WP Mail Logging <= 1.11.1 - Unauthenticated Stored Cross-Site Scripting via Email

7.2CVSS6.4AI score0.01339EPSS

Cvelist•added 2023/07/12 4:38 a.m.•16 views

CVE-2023-3092 SMTP Mail <= 1.3.46 - Unauthenticated Stored Cross-Site Scripting via Email Subject

The SMTP Mail plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an email subject in versions up to, and including, 1.3.46 due to insufficient input sanitization and output escaping when the 'Save Data SendMail' feature is enabled. This makes it possible for unauthenticated...

7.2CVSS6.4AI score0.03385EPSS

Exploits0References4

Cvelist•added 2023/07/12 4:38 a.m.•24 views

CVE-2023-3088 WP Mail Log <= 1.1.1 - Unauthenticated Stored Cross-Site Scripting via Email

The WP Mail Log plugin for WordPress is vulnerable to Stored Cross-Site Scripting via email contents in versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages th...

Cvelist•added 2023/07/12 4:38 a.m.•23 views

CVE-2023-3158 Mail Control <= 0.2.8 - Unauthenticated Stored Cross-Site Scripting via Email Subject

7.2CVSS6.4AI score0.01283EPSS

Cvelist•added 2023/07/12 4:38 a.m.•23 views

CVE-2023-3093 YaySMTP <= 2.4.5 - Unauthenticated Stored Cross-Site Scripting via Email

The YaySMTP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via email contents in versions up to, and including, 2.4.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...

Cvelist•added 2023/07/12 4:38 a.m.•22 views

CVE-2023-3168 WP Reroute Email <= 1.4.9 - Unauthenticated Stored Cross-Site Scripting via Email Subject