3 matches found
CVE-2019-20203
CVE-2019-20203 affects the WordPress Postie plugin up to version 1.9.40. The vulnerability stems from the Authorized Addresses feature allowing remote attackers to publish posts by spoofing the From header of emails, enabling post publication bypass. Some sources also describe associated cross-si...
CVE-2019-20204
The CVE-2019-20204 entry concerns the WordPress Postie plugin, version 1.9.40. A cross-site scripting (XSS) vulnerability exists in this plugin that can be triggered by a crafted payload starting with jaVasCript:/* and an embedded SVG element, enabling execution of client‑side scripts in the cont...
CVE-2012-2580
Postie WordPress plugin (v1.4.3, possibly prior to v1.5.15) is affected by a stored XSS vulnerability (CVE-2012-2580). An attacker can inject arbitrary JavaScript via the From field of an emailed message, leading to script execution in the victim’s browser on the affected site. The root cause is ...