WordPress Plugin Vulnerabilities

Lana Email Logger < 1.1.0 - Unauthenticated Stored Cross-Site Scripting

Description

The plugin does not properly sanitize and escape input in email subjects, leading to potential Stored Cross-Site Scripting issues.

Affects Plugins

Plugin icon
lana-email-logger
Fixed in 1.1.0

References

CVE
CVE-2023-3166
URL
https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/lana-email-logger/lana-email-logger-102-unauthenticated-stored-cross-site-scripting-via-email-subject

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
7.2 (high)

Miscellaneous

Original Researcher
Alex Thomas
Verified
No
WPVDB ID
7407bdff-d975-44cb-8bd3-bcf23200065f

Timeline

Publicly Published
2023-06-08 (about 2 years ago)
Added
2023-07-12 (about 2 years ago)
Last Updated
2023-07-12 (about 2 years ago)

Other

Published
Title
Published
2023-02-23
Title
Simple Portfolio Gallery <= 0.1 - Admin+ Stored XSS
Published
2023-06-19
Title
Extra User Details < 0.5.1 - Admin+ Stored XSS
Published
2024-06-22
Title
WP eMember < 10.6.7 - Reflected XSS via Member Edit
Published
2025-12-11
Title
Complag <= 1.0.2 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF']
Published
2024-05-17
Title
ShopLentor < 2.8.8 - Contributor+ Stored XSS