Cross-Site Scripting Vulnerability in WP Mailster by WordPress
CVE-2021-28975

6.1 MEDIUM

Key Information:

Vendor
WordPress
CVE Published:
21 October 2021

Summary

WP Mailster version 1.6.18.0 contains a vulnerability that can lead to cross-site scripting (XSS) attacks. An attacker can craft a malicious email server detail that, when viewed by the victim, executes arbitrary JavaScript in their browser. This vulnerability is triggered when a user accesses the mst_servers page with manipulated parameters such as server_host, server_name, or connection_parameter. This can give attackers access to sensitive user information, elevate privileges, or perform other malicious actions.

CVSS V3.1

Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved