PT-2024-16029 · WordPress · Mailpoet

Dmitry Ignatyev · Published 2024-11-18 · Updated 2024-11-19

CVE-2024-10103
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: MailPoet WordPress plugin versions prior to 5.3.2

Description: A vulnerability was found in the MailPoet WordPress plugin that allows stored XSS on behalf of the editor by embedding a malicious script. This can lead to account takeover or a backdoor.

Recommendations: For MailPoet WordPress plugin versions prior to 5.3.2, update to version 5.3.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the editor role to minimize the risk of exploitation.

Tags: XSS

Related Identifiers: CVE-2024-10103

Affected Products: Mailpoet