WordPress Plugin Vulnerabilities

Email Users <= 4.7.5 - Authenticated Cross-Site Scripting (XSS)

Description

The Email Users WordPress plugin was affected by an Authenticated Cross-Site Scripting (XSS) security vulnerability.

Affects Plugins

Plugin icon
email-users
Fixed in 4.7.6

References

URL
http://cinu.pl/research/wp-plugins/mail_8b8b3a04415fc08b7848d0b267e3808d.html
URL
http://blog.cinu.pl/2015/11/php-static-code-analysis-vs-top-1000-wordpress-plugins.html

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.1 (medium)

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
a2d8d3cf-b843-40ca-a4f5-ff1fc283734e

Timeline

Publicly Published
2015-08-10 (about 10 years ago)
Added
2015-11-24 (about 10 years ago)
Last Updated
2022-05-18 (about 3 years ago)

Other

Published
Title
Published
2023-12-27
Title
Easy Video Player < 1.2.2.11 - Contributor+ Stored XSS
Published
2022-04-25
Title
WP Subtitle < 3.4.1 - Contributor+ Stored Cross-Site Scripting
Published
2025-04-02
Title
Advanced Typekit <= 1.0.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting
Published
2025-01-16
Title
ePermissions <= 1.2 - Reflected Cross-Site Scripting
Published
2025-05-08
Title
BMI Adult & Kid Calculator <= 1.2.2 - Reflected Cross-Site Scripting