PT-2025-39812 · WordPress · Postie
Published: 2025-09-29 · Updated: 2025-09-29 · CVE-2024-5200
CVSS v3.1: 4.8 (Medium)
Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Postie WordPress plugin versions prior to 1.9.71
Description
The plugin does not properly sanitize and escape certain settings, potentially allowing users with high privileges, such as administrators, to carry out Stored Cross-Site Scripting attacks. This can occur even when the `unfiltered_html` capability is disabled, for example, in a multisite environment.
Recommendations
Update to Postie WordPress plugin version 1.9.71 or later.
Affected Products
Postie