CVE-2023-6621

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Jan 3, 2024

Updated: Jan 9, 2024

CWE ID 79

Summary

CVE-2023-6621 is a Reflected Cross-Site Scripting vulnerability affecting the POST SMTP WordPress plugin before version 2.8.7. The issue stems from the plugin's failure to sanitize and escape the 'msg' parameter, allowing malicious scripts to be injected and executed in the page. This vulnerability poses a significant threat, particularly to high privilege users like administrators.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Wpexperts Post Smtp Mailer

Affected Vendors

WP Experts

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/tvBBnK
https://www.cve.org/CVERecord?id=CVE-2023-6621
https://nvd.nist.gov/vuln/detail/CVE-2023-6621

Back to Vulnerability Database