WordPress Plugin Vulnerabilities

Mail Control < 0.3.2 - Unauthenticated Stored XSS via Email Subject

Description

The plugin does not adequately sanitize input or escape output for email subjects, resulting in potential for stored cross-site scripting.

Affects Plugins

Plugin icon
mail-control
Fixed in 0.3.2

References

CVE
CVE-2023-3158
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/77537eb8-1c84-4702-aba1-727b0de1c3e1

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
7.2 (high)

Miscellaneous

Original Researcher
Alex Thomas
Verified
No
WPVDB ID
5643b02c-dcc6-45f7-98c3-b631f94650fc

Timeline

Publicly Published
2023-07-10 (about 2 years ago)
Added
2023-07-12 (about 2 years ago)
Last Updated
2023-08-18 (about 2 years ago)

Other

Published
Title
Published
2025-02-23
Title
GDPR Cookie Compliance < 4.15.7 - Admin+ Stored XSS
Published
2024-11-25
Title
Spotify Play Button for WordPress < 2.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via spotifyplaybutton Shortcode
Published
2023-02-21
Title
Старт < 3.8 - Admin+ Stored XSS
Published
2024-01-08
Title
Formidable Forms < 6.7.1 - Admin+ Stored Cross-Site Scripting
Published
2024-05-20
Title
Master Slider – Responsive Touch Slider < 3.9.10 - Authenticated (Contributor+) Stored Cross-Site Scripting