WordPress Plugin Vulnerabilities

GNU-Mailman Integration <= 1.0.6 - Reflected Cross-Site Scripting

Description

The plugin is vulnerable to Reflected Cross-Site Scripting via the gm_error parameter found in the ~/includes/admin/mailing-lists-page.php file which allows attackers to inject arbitrary web scripts.

Affects Plugins

Plugin icon
gnu-mailman-integration
No known fix

References

CVE
CVE-2021-38354
URL
https://www.wordfence.com/vulnerability-advisories/#CVE-2021-38354

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.1 (medium)

Miscellaneous

Original Researcher
p7e4
Verified
No
WPVDB ID
ddf346bb-78f3-43eb-a33e-cf199b8a8601

Timeline

Publicly Published
2021-09-09 (about 2 years ago)
Added
2021-09-10 (about 2 years ago)
Last Updated
2023-01-31 (about 10 months ago)

Other

Published
Title
Published
2023-01-27
Title
Glossary < 2.1.28 - Contributor+ Stored XSS
Published
2023-03-22
Title
I Recommend This <= 3.8.3 - CSRF
Published
2022-06-20
Title
WP Event Manager < 3.1.28 - Reflected Cross-Site Scripting
Published
2022-06-08
Title
Copify <= 1.3.0 - Stored Cross-Site Scripting via CSRF
Published
2014-08-01
Title
Mingle Forum <= 1.0.33 - Cross Site Scripting