Cross-Site Scripting Vulnerability in WP Mailster Plugin by WordPress
CVE-2017-17451

6.1MEDIUM

Key Information:

Vendor: Wordpress
Status: WP Mailster
Vendor: CVE Published:; 7 December 2017

What is CVE-2017-17451?

The WP Mailster plugin for WordPress, prior to version 1.5.5, is susceptible to a Cross-Site Scripting (XSS) vulnerability via the 'mes' parameter in the unsubscribe handler located at view/subscription/unsubscribe2.php. This flaw may allow attackers to inject malicious scripts, which could be executed in the context of an unsuspecting user's browser. If exploited, such vulnerabilities could lead to data theft or user session hijacking, thereby compromising the integrity and security of affected websites.

References

https://packetstormsecurity.com/files/145222/WordPress-WP...

x_refsource_MISC

https://wordpress.org/plugins/wp-mailster/#developers

x_refsource_MISC

https://wpvulndb.com/vulnerabilities/8973

x_refsource_MISC

EPSS Score

16% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 7, 2017
Vulnerability Reserved
Dec 6, 2017

Wordpress

What is CVE-2017-17451?

References

EPSS Score

CVSS V3.1

Timeline