CVE-2023-5958

Medium

Description

The POST SMTP Mailer WordPress plugin before 2.7.1 does not escape email message content before displaying it in the backend, allowing an unauthenticated attacker to perform XSS attacks against highly privileged users.

References

https://wpscan.com/vulnerability/22fa478d-e42e-488d-9b4b-a8720dec7cee

Details

Source: Mitre, NVD

Published: 2023-11-27

Updated: 2023-12-02

Risk Information

CVSS v2

Base Score: 6.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 6.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Severity: Medium