Stored Cross-Site Scripting Vulnerability in WP Mail Catcher Plugin for WordPress
CVE-2023-3080
6.1MEDIUM
Key Information:
- Vendor
Wordpress
- Vendor
- CVE Published:
- 12 July 2023
What is CVE-2023-3080?
The WP Mail Catcher plugin for WordPress is exposed to a Stored Cross-Site Scripting vulnerability due to inadequate input sanitization and output escaping mechanisms. Attackers can exploit this flaw by injecting arbitrary web scripts into the email subject. When users access a compromised page, the injected scripts execute, potentially leading to unauthorized actions and data exposure for the users.
Affected Version(s)
Mail logging – WP Mail Catcher * <= 2.1.2