WordPress Plugin Vulnerabilities

GD Mail Queue < 4.0 - Unauthenticated Stored Cross-Site Scripting

Description

The plugin does not sufficiently sanitize input and escape output of email contents, resulting in a potential for arbitrary web script injection by unauthenticated users.

Affects Plugins

Plugin icon
gd-mail-queue
Fixed in 4.0

References

CVE
CVE-2023-3122
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/0b668f45-c7fb-481b-bc8e-115e5b7248c9

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
7.2 (high)

Miscellaneous

Original Researcher
Alex Thomas
Verified
No
WPVDB ID
f46c8a51-2868-4dbb-a689-71158fd22aa7

Timeline

Publicly Published
2023-06-09 (about 2 years ago)
Added
2023-07-12 (about 2 years ago)
Last Updated
2023-07-12 (about 2 years ago)

Other

Published
Title
Published
2025-02-02
Title
Like dislike plus counter | Like Dislike Buttons <= 1.0 - Authenticated (Admin+) Stored Cross-Site Scripting
Published
2021-04-30
Title
Give WP < 2.10.4 - Authenticated Stored Cross-Site Scripting (XSS)
Published
2021-08-10
Title
Two Factor Authentication < 1.0.8 - Reflected Cross-Site Scripting
Published
2023-11-23
Title
Enfold < 5.6.5 - Reflected Cross-Site Scripting
Published
2022-09-27
Title
Forym <= 1.5.8 - Reflected Cross-Site Scripting