A cross-site scripting (XSS) vulnerability has been discovered in 14 different email logging plugins for WordPress.
The vulnerability allows an attacker to inject malicious code into the emails that are generated by the plugins. This code could then be used to steal user data, hijack user sessions, or redirect users to malicious websites.
Below is a table detailing the affected plugins, along with their respective slugs, CVEs, links, reported dates, disclosed dates, and fixed versions.
To exploit the vulnerability, an attacker would need to send an email to a user who is using one of the affected plugins. The email would need to contain malicious code in the subject line. When the user opens the email, the malicious code would be executed in the user’s browser.
We encourage WordPress users to verify that their sites are updated to the latest patched version if an affected plugin is being used.
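As an added example (not code from any of the affected plugins), the PHP sketch below assumes a log screen that prints each stored email subject into an HTML table. It shows the unescaped output pattern beside an output-encoded one, plus a coarse check for logged subjects that contain tags; the sample records and all function names are constructed for illustration.

```php
<?php
// Added illustration; not taken from any of the affected plugins.
// Constructed sample data standing in for a plugin's stored email log.
$logged_emails = [
    ['to' => 'admin@example.test', 'subject' => 'Password reset request'],
    ['to' => 'admin@example.test', 'subject' => 'Order <script>alert(1)</script> received'],
];

// Unsafe pattern: the stored subject is concatenated into the page as-is,
// so any markup it carries is parsed by the browser of whoever views the log.
function render_row_unsafe(array $email): string
{
    return '<tr><td>' . $email['to'] . '</td><td>' . $email['subject'] . '</td></tr>';
}

// Output encoding for an HTML text context. Inside WordPress, esc_html()
// is the usual helper for this; htmlspecialchars() keeps the sketch stand-alone.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hardened pattern: every logged field is encoded at the point of output,
// so the subject is displayed as text instead of being interpreted.
function render_row_safe(array $email): string
{
    return '<tr><td>' . h($email['to']) . '</td><td>' . h($email['subject']) . '</td></tr>';
}

// Coarse triage check: true when the stored subject contains HTML tags.
// It does not replace output encoding; it only helps review existing log rows.
function subject_has_tags(string $subject): bool
{
    return $subject !== strip_tags($subject);
}

foreach ($logged_emails as $email) {
    echo render_row_safe($email), PHP_EOL;
    if (subject_has_tags($email['subject'])) {
        echo '<!-- review: logged subject contained HTML tags -->', PHP_EOL;
    }
}
```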
Bijay Pokharel