Remote Code Injection in MailPoet Plugin for WordPress
CVE-2019-11843
6.1MEDIUM
What is CVE-2019-11843?
The MailPoet plugin prior to version 3.23.2 for WordPress is susceptible to a Reflective Server-Side XSS vulnerability. This flaw allows remote attackers to craft malicious URLs that can execute arbitrary web scripts or inject HTML, compromising the security of the affected website. It highlights the importance of keeping plugins updated to shield sites from potential exploits.