CVE-2023-3082

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Jul 12, 2023

Updated: Nov 7, 2023

Summary

CVE-2023-3082: This vulnerability affects the Post SMTP plugin for WordPress versions up to 2.5.7. Hackers can exploit insufficient input sanitization and output escaping in the plugin, leading to Stored Cross-Site Scripting (XSS) via email contents. Unauthenticated attackers can inject arbitrary web scripts that will execute when a user accesses an injected page, posing a significant security risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Wpexperts Post Smtp Mailer

Affected Vendors

WP Experts

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/ro569p
https://www.cve.org/CVERecord?id=CVE-2023-3082
https://nvd.nist.gov/vuln/detail/CVE-2023-3082

Back to Vulnerability Database