WordPress Plugin Vulnerabilities

MailPoet < 3.23.2 - Reflected Cross-Site Scripting Issue

Description

The MailPoet – emails and newsletters in WordPress WordPress plugin was affected by a Reflected Cross-Site Scripting Issue security vulnerability.

Affects Plugins

Plugin icon
mailpoet
Fixed in 3.23.2

References

CVE
CVE-2019-11843
URL
https://github.com/mailpoet/mailpoet/releases/tag/3.23.2

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
8.3 (high)

Miscellaneous

Original Researcher
Jan van der Put and Harm Blankers of REQON Security
Verified
No
WPVDB ID
dfa5d10b-0b4c-41fa-b2ab-21f31dfbd5fe

Timeline

Publicly Published
2019-04-16 (about 7 years ago)
Added
2020-06-02 (about 5 years ago)
Last Updated
2020-06-03 (about 5 years ago)

Other

Published
Title
Published
2025-12-30
Title
e-shops <= 1.0.4 - Reflected Cross-Site Scripting
Published
2014-08-01
Title
felici - XSS
Published
2024-11-08
Title
DuoGeek Blocks 0.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2018-05-14
Title
GD bbPress Attachments <= 2.5 - Authenticated Stored XSS
Published
2025-03-11
Title
GNUPress <= 0.2.9 - Reflected Cross-Site Scripting