Stored Cross-Site Scripting Vulnerability in WP Mail Logging for WordPress
CVE-2023-3081
7.2HIGH
What is CVE-2023-3081?
The WP Mail Logging plugin for WordPress is susceptible to a stored cross-site scripting vulnerability due to inadequate input sanitization and output escaping mechanisms. This flaw allows unauthenticated attackers to inject arbitrary web scripts into email contents. These scripts could execute on impacted pages, potentially compromising user security when accessed. A partial fix was introduced in version 1.11.1, yet systems using prior versions remain exposed to such attacks.
Affected Version(s)
WP Mail Logging * <= 1.11.1