PT-2019-8534 · WordPress · Postman-Smtp

Umcms

Published

2019-09-10

Updated

2019-09-12

CVE-2017-18603

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions postman-smtp plugin through 2017-10-04 for WordPress

Description The issue concerns a cross-site scripting (XSS) problem. It is exploited via the page parameter in the "wp-admin/tools.php" page, specifically when accessing the postman email log.

Recommendations For the postman-smtp plugin through 2017-10-04, consider disabling access to the wp-admin/tools.php?page=postman email log page until a fix is available. Restrict the use of the page parameter in this context to minimize the risk of exploitation.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2017-18603

Affected Products

Postman-Smtp

PT-2019-8534 · WordPress · Postman-Smtp

CVE-2017-18603

Weakness Enumeration

Related Identifiers

Affected Products

References · 5