WordPress Plugin Vulnerabilities

Mailtree Log Mail < 1.0.1 - Unauthenticated Stored Cross-Site Scripting

Description

The plugin does not properly sanitize and escape the input received through the email subject, leading to potential Stored Cross-Site Scripting (XSS). This can result in the execution of arbitrary web scripts whenever a user accesses a compromised page.

Affects Plugins

Plugin icon
mailtree-log-mail
Fixed in 1.0.1

References

CVE
CVE-2023-3135
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/24d0229c-0f1b-42df-b89a-ce0b8a3fda7e

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
7.2 (high)

Miscellaneous

Original Researcher
Alex Thomas
Verified
No
WPVDB ID
ecd9e89d-c82c-4492-9c1e-5299eac99531

Timeline

Publicly Published
2023-06-20 (about 2 years ago)
Added
2023-07-12 (about 2 years ago)
Last Updated
2023-07-12 (about 2 years ago)

Other

Published
Title
Published
2021-08-13
Title
Smart Email Alerts <= 1.0.10 - Reflected Cross-Site Scripting
Published
2025-05-08
Title
BMI Adult & Kid Calculator <= 1.2.2 - Reflected Cross-Site Scripting
Published
2024-08-28
Title
Premium Portfolio Features for Phlox theme < 2.3.5 - Contributor+ Stored XSS
Published
2024-07-11
Title
Admin Dashboard RSS Feed < 3.4 - Administrator+ Stored XSS
Published
2025-02-18
Title
Raptive Ads < 3.7.1 - Reflected Cross-Site Scripting