WordPress Plugin Vulnerabilities

Postie 1.4.3 - Stored Cross-Site Scripting (XSS)

Description

The Postie WordPress plugin was affected by a Stored Cross-Site Scripting (XSS) security vulnerability.

Affects Plugins

Plugin icon
postie
Fixed in 1.5.15

References

CVE
CVE-2012-2580
Exploitdb
20360

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79

Miscellaneous

Original Researcher
LONEFERRET
Verified
No
WPVDB ID
a67777f4-82a0-4cdb-92b7-48ec22f9492c

Timeline

Publicly Published
2012-08-08 (about 13 years ago)
Added
2014-08-01 (about 11 years ago)
Last Updated
2020-02-13 (about 6 years ago)

Other

Published
Title
Published
2025-09-23
Title
VOD Infomaniak < 1.5.12 - Unauthenticated Stored Cross-Site Scripting
Published
2021-10-27
Title
Floating Social Media Icon <= 4.3.5 - Admin+ Stored Cross-Site Scripting
Published
2021-06-21
Title
myStickymenu < 2.5.2 - Authenticated Stored XSS
Published
2024-03-25
Title
WP User Profile Avatar < 1.0.2 - Contributor+ Stored XSS
Published
2025-07-23
Title
FunnelCockpit < 1.4.4 - Reflected Cross-Site Scripting via `error` Parameter