PT-2017-16775 · WordPress · Wp-Email

Published

2017-02-10

Updated

2019-09-27

CVE-2017-5942

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions WP Mail plugin versions prior to 1.2

Description An issue in the WP Mail plugin allows for a reflected XSS attack through the replyto parameter when composing a mail. This enables the execution of JavaScript in the context of the user receiving the mail.

Recommendations For WP Mail plugin versions prior to 1.2, update to version 1.2 or later to resolve the issue. As a temporary workaround, consider avoiding the use of the replyto parameter when composing mail until the issue is resolved.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2017-5942

Affected Products

Wp-Email

PT-2017-16775 · WordPress · Wp-Email

CVE-2017-5942

Weakness Enumeration

Related Identifiers

Affected Products

References · 4