Sensitive Information Injection Vulnerability Affects WP Mailster
CVE-2024-53804

7.5HIGH

Key Information:

Vendor: WordPress
Status: WP Mailster
Vendor: CVE Published:; 6 December 2024

Summary

A vulnerability exists in the WP Mailster plugin developed by Brandtoss, which allows for the unintentional exposure of sensitive information within sent data. This issue can be exploited to retrieve embedded sensitive data, potentially leading to unauthorized access to user information, configurations, or credentials. The flaw impacts all versions from n/a up to 1.8.16.0 of the WP Mailster plugin.

Affected Version(s)

WP Mailster <= 1.8.16.0

References

https://patchstack.com/database/wordpress/plugin/wp-mails...

vdb-entry

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 6, 2024
Vulnerability Reserved
Nov 22, 2024

Credit

Mika (Patchstack Alliance)