WordPress Plugin Vulnerabilities

MailArchiver < 2.11.0 - Unauthenticated Stored XSS

Description

The plugin does not sanitise and escape email subjects, allowing unauthenticated users to perform Stored Cross-Site Scripting attacks

Affects Plugins

Plugin icon
mailarchiver
Fixed in 2.11.0

References

CVE
CVE-2023-3136

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
8.8 (high)

Miscellaneous

Original Researcher
Alex Thomas
Verified
No
WPVDB ID
2a7ed713-e9e8-4dbd-a87e-06a9387ffe7d

Timeline

Publicly Published
2023-07-12 (about 2 years ago)
Added
2023-09-07 (about 2 years ago)
Last Updated
2023-09-07 (about 2 years ago)

Other

Published
Title
Published
2024-03-25
Title
Crypto Converter Widget < 1.9.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode
Published
2022-07-01
Title
Yellow Yard Searchbar < 2.8.12 - Reflected Cross-Site Scripting
Published
2025-05-19
Title
Ultimate Blocks < 3.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2025-04-04
Title
URL Shortify < 1.10.6 - Authenticated (Administrator+) Stored Cross-Site Scripting
Published
2025-11-26
Title
Donation Thermometer < 2.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting