FluentSMTP < 2.2.5 – Unauthenticated Stored Cross-Site Scripting | CVE 2023-3087

Affects Plugins

fluent-smtp

Fixed in 2.2.5

References

CVE

CVE-2023-3087

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/fa47a794-e5ce-491d-a10b-c7c5718aa853

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

CVSS

7.2 (high)

Miscellaneous

Original Researcher

Alex Thomas

Verified

No

WPVDB ID

56024527-ca3f-4543-9612-9c31f4f3e60e

Timeline

Publicly Published

2023-07-06 (about 2 years ago)

Added

2023-07-12 (about 2 years ago)

Last Updated

2023-07-12 (about 2 years ago)

Other

Published

Title

Published

2024-07-10

Title

FancyPost – Best Ultimate Post Block, Post Grid, Layouts, Carousel, Slider For Gutenberg & Elementor < 5.3.2 - Authenticated (Author+) Stored Cross-Site Scripting

Published

2024-02-05

Title

Blocksy < 2.0.20 - Authenticated (Editor+) Stored Cross-Site Scripting

Published

2024-12-03

Title

Additional Custom Order Status for WooCommerce < 1.6.1 - Reflected Cross-Site Scripting

Published

2021-09-08

Title

User Activation Email <= 1.3.0 - Reflected Cross-Site Scripting

Published

2014-08-01

Title

Wordpress 1.5.1 - 2.0.2 wp-register.php Multiple Parameter XSS