Mailster Gravity Forms < 2.4.9 – Unauthenticated Stored Cross-Site Scripting (XSS) | Plugin Vulnerabilities

Description

Mailster [1] is a newsletter plugin for WordPress. It allows to create, send and track the newsletter campaigns.

Compass Security identified a stored Cross-Site Scripting (XSS) vulnerability affecting the administration interface. Successful exploitation requires no authentication and can be performed remotely.

[1] https://codecanyon.net/item/mailster-email-newsletter-plugin-for-wordpress/3078294

Proof of Concept

In order to reproduce the vulnerability, subscribe to the newsletter as an unauthenticated user and use the following as name:

Test" onmouseover=alert(1) onfocus=alert(1) tabindex=1 a=

Affects Plugins

Fixed in 2.4.9

References

URL

https://www.compass-security.com/fileadmin/Datein/Research/Advisories/CSNC-2019-023_EverPress_Mailster_Cross-Site_Scripting_XSS.txt

URL

https://codecanyon.net/item/mailster-email-newsletter-plugin-for-wordpress/3078294

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Submitter

Ryan

Verified

No

WPVDB ID

35c42744-3eb8-4dff-9b8f-3c61a8f395fd

Timeline

Publicly Published

2020-07-08 (about 5 years ago)

Added

2020-10-13 (about 5 years ago)

Last Updated

2020-10-14 (about 5 years ago)

Other

Published

Title

Published

2025-12-29

Title

Netgsm < 2.9.64 - Reflected Cross-Site Scripting

Published

2022-07-29

Title

Simple SEO < 1.7.92 - Contributor+ Stored Cross-Site Scripting

Published

2025-08-26

Title

All-in-One WP Migration and Backup < 7.98 - Admin+ Stored XSS

Published

2024-09-25

Title

ARI Fancy Lightbox < 1.3.18 - Authenticated (Author+) Stored Cross-Site Scripting

Published

2015-08-04

Title

Admin Pack by SITE CASEIRO <= 1.1 - Authenticated Stored Cross-Site Scripting (XSS)