Stored Cross-Site Scripting Vulnerability in Email Encoder WordPress Plugin
CVE-2024-4483

Currently unrated

Key Information:

Vendor: Wordpress
Status: Email Encoder
Vendor: CVE Published:; 29 July 2024

Badges

👾 Exploit Exists🟡 Public PoC

Summary

The Email Encoder WordPress plugin before 2.2.2 does not escape the WP_Email_Encoder_Bundle_options[protection_text] parameter before outputting it back in an attribute in an admin page, leading to a Stored Cross-Site Scripting

Affected Version(s)

Email Encoder 0 < 2.2.2

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2024-4483 - Proof of Concept

References

https://wpscan.com/vulnerability/8f2ac76c-f3f8-41f9-a32a-...

exploitvdb-entrytechnical-description

Timeline

🟡
Public PoC available
Jul 29, 2024
👾
Exploit known to exist
Jul 29, 2024
Vulnerability published
Jul 29, 2024
Vulnerability Reserved
May 3, 2024

Credit

Krugov Artyom

WPScan