Reflected Cross-Site Scripting Vulnerability in WP Test Email Plugin
CVE-2024-8664

6.1MEDIUM

Key Information:

Vendor: Wordpress
Status: WP Test Email
Vendor: CVE Published:; 13 September 2024

What is CVE-2024-8664?

The WP Test Email plugin for WordPress is susceptible to a Reflected Cross-Site Scripting flaw, stemming from the improper use of the add_query_arg function without adequate URL escaping in all versions up to and including 1.1.7. This vulnerability creates an opportunity for malicious, unauthenticated attackers to inject arbitrary scripts into the webpages. Such scripts may execute within users' browsers when they are tricked into clicking a specially crafted link, potentially compromising sensitive information and user interaction on affected sites.

Affected Version(s)

WP Test Email * <= 1.1.7

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/browser/wp-test-email/...

https://plugins.trac.wordpress.org/changeset?sfp_email=&s...

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 13, 2024
Vulnerability Reserved
Sep 10, 2024

Credit

Dale Mavers