CVE-2023-0219

Name of the Vulnerable Software and Affected Versions FluentSMTP WordPress plugin versions prior to 2.2.3

Description The issue arises from the plugin's failure to sanitize or escape email content, making it susceptible to stored cross-site scripting attacks (XSS) when an administrator views the email logs. This exploit requires the presence of other plugins that enable users to send emails with unfiltered HTML.

Recommendations For versions prior to 2.2.3, update to version 2.2.3 or later to resolve the issue. As a temporary workaround, consider disabling the viewing of email logs until a patch is applied. Restrict access to the email logs to minimize the risk of exploitation. Avoid using plugins that enable users to send emails with unfiltered HTML in the affected versions until the issue is resolved.