Cross-Site Scripting Vulnerability in DuoGeek Email to Download for WordPress
CVE-2025-23786
7.1HIGH
Summary
A Cross-Site Scripting vulnerability exists in the DuoGeek Email to Download plugin, allowing attackers to inject malicious scripts through improperly neutralized input during web page generation. This vulnerability affects versions of the Email to Download plugin prior to 3.1.0, potentially exposing users to security risks such as session hijacking and defacement.
Affected Version(s)
Email to Download <= 3.1.0
References
CVSS V3.1
Score:
7.1
Severity:
HIGH
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
João Pedro S Alcântara (Kinorth) (Patchstack Alliance)