WordPress Plugin Vulnerabilities

MailPoet < 3.23.2 - Reflected Cross-Site Scripting Issue

Description

The MailPoet – emails and newsletters in WordPress WordPress plugin was affected by a Reflected Cross-Site Scripting Issue security vulnerability.

Affects Plugins

Plugin icon
mailpoet
Fixed in 3.23.2

References

CVE
CVE-2019-11843
URL
https://github.com/mailpoet/mailpoet/releases/tag/3.23.2

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
8.3 (high)

Miscellaneous

Original Researcher
Jan van der Put and Harm Blankers of REQON Security
Verified
No
WPVDB ID
dfa5d10b-0b4c-41fa-b2ab-21f31dfbd5fe

Timeline

Publicly Published
2019-04-16 (about 7 years ago)
Added
2020-06-02 (about 5 years ago)
Last Updated
2020-06-03 (about 5 years ago)

Other

Published
Title
Published
2023-11-28
Title
Currency Converter Calculator < 1.3.2 - Contributor+ Stored XSS
Published
2025-02-02
Title
seekXL Snapr <= 2.0.6 - Reflected Cross-Site Scripting
Published
2024-11-07
Title
Logo Slider < 4.5.0 - Contributor+ Stored XSS
Published
2026-03-30
Title
Auto Post Scheduler <= 1.84 - Cross-Site Request Forgery to Stored Cross-Site Scripting via aps_options_page
Published
2024-05-24
Title
WordPress Jitsi Shortcode <= 0.1 - Contributor+ Stored XSS via Shortcode