PT-2017-16775 · WordPress · Wp-Email

Publicado

2017-02-10

Atualizado

2019-09-27

CVE-2017-5942

CVSS v3.1

6.1

Média

Vetor

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions WP Mail plugin versions prior to 1.2

Description An issue in the WP Mail plugin allows for a reflected XSS attack through the replyto parameter when composing a mail. This enables the execution of JavaScript in the context of the user receiving the mail.

Recommendations For WP Mail plugin versions prior to 1.2, update to version 1.2 or later to resolve the issue. As a temporary workaround, consider avoiding the use of the replyto parameter when composing mail until the issue is resolved.

Exploit

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

CVE-2017-5942

Produtos afetados

Wp-Email

PT-2017-16775 · WordPress · Wp-Email

CVE-2017-5942

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4