Cross-Site Scripting Vulnerability in Postie Plugin for WordPress
CVE-2012-2580

Currently unrated

Key Information:

Vendor: Wordpress
Status: Postie
Vendor: CVE Published:; 20 June 2014

Summary

A cross-site scripting (XSS) vulnerability exists in the Postie plugin for WordPress, allowing remote attackers to inject arbitrary web scripts or HTML by manipulating the From field of an email. If successfully exploited, this vulnerability can lead to unauthorized actions being performed on behalf of a user, potentially compromising sensitive data or website functionality. This issue affects Postie plugin versions up to 1.5.15 and requires immediate attention to secure affected WordPress installations.

References

http://osvdb.org/84532

vdb-entryx_refsource_OSVDB

https://exchange.xforce.ibmcloud.com/vulnerabilities/77537

vdb-entryx_refsource_XF

http://secunia.com/advisories/50207

third-party-advisoryx_refsource_SECUNIA

Timeline

Vulnerability published
Jun 20, 2014
Vulnerability Reserved
May 9, 2012