WordPress Plugin Vulnerabilities

WP Reroute Email < 1.5.0 - Unauthenticated Stored Cross-Site Scripting

Description

The plugin does not properly sanitize and escape input in the email subject, leading to potential Stored Cross-Site Scripting issues. This flaw allows the injection of arbitrary web scripts that are executed whenever an injected page is accessed.

Affects Plugins

Plugin icon
wp-reroute-email
Fixed in 1.5.0

References

CVE
CVE-2023-3168
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/4a0e962b-b6a0-4179-91d0-5ede508a9895

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
7.2 (high)

Miscellaneous

Original Researcher
Alex Thomas
Verified
No
WPVDB ID
38ba58fb-5cfa-4283-82e5-80e270d3da91

Timeline

Publicly Published
2023-07-05 (about 2 years ago)
Added
2023-07-12 (about 2 years ago)
Last Updated
2023-07-12 (about 2 years ago)

Other

Published
Title
Published
2023-01-11
Title
GamiPress – Vimeo integration < 1.0.9 - Contributor+ Stored XSS
Published
2025-08-14
Title
WordLift < 3.54.6 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2023-06-05
Title
Accordion & FAQ < 1.9.9 - Reflected XSS
Published
2025-11-20
Title
Islamic Phrases <= 2.12.2015 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2024-04-30
Title
WPify Woo Czech < 4.0.11 - Reflected Cross-Site Scripting