Cross-Site Scripting in E-goi Smart Marketing SMS and Newsletters Forms Plugin for WordPress
CVE-2017-18010

6.1MEDIUM

Key Information:

Vendor

Wordpress
Status
Smart Marketing Sms And Newsletters Forms
Vendor
CVE Published:
1 January 2018

What is CVE-2017-18010?

The E-goi Smart Marketing SMS and Newsletters Forms plugin for WordPress suffers from a security flaw that allows for Cross-Site Scripting (XSS) attacks. An attacker can exploit this vulnerability via the admin/partials/custom/egoi-for-wp-form_egoi.php URL parameter, enabling unauthorized script execution in a user's browser. This could potentially lead to data theft or compromise user sessions. It is crucial for website administrators to update to version 2.0.0 or later to mitigate this risk and safeguard their sites.

References

https://wordpress.org/plugins/smart-marketing-for-wp/#dev...
x_refsource_CONFIRM
https://wpvulndb.com/vulnerabilities/8974
x_refsource_MISC
https://packetstormsecurity.com/files/145217/WordPress-Sm...
x_refsource_MISC

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.