Reflected XSS Vulnerability in Post By Email
CVE-2024-52463

7.1HIGH

Key Information:

Vendor: WordPress
Status: Post By Email
Vendor: CVE Published:; 2 December 2024

What is CVE-2024-52463?

An improper neutralization of input during web page generation, specifically reflected cross-site scripting (XSS), exists in the Post By Email plugin by Kat Hagan. This vulnerability allows an attacker to inject malicious scripts into web pages viewed by users. When exploited, this can lead to unauthorized actions being performed on behalf of the user or sensitive information being disclosed. The affected versions include all versions up to 1.0.4b, thereby exposing a significant number of installations to security threats. Robust security measures and timely updates are essential for safeguarding against these types of vulnerabilities.

Affected Version(s)

Post By Email <= 1.0.4b

References

https://patchstack.com/database/wordpress/plugin/post-by-...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 2, 2024
Vulnerability Reserved
Nov 11, 2024

Credit

Mika (Patchstack Alliance)

JSON