Reflected XSS Vulnerability in GD Mail Queue by Milan Petrovic
CVE-2025-24608

7.1HIGH

Key Information:

Vendor: WordPress
Status: Gd Mail Queue
Vendor: CVE Published:; 31 January 2025

Summary

The GD Mail Queue plugin by Milan Petrovic is susceptible to a Reflective Cross-site Scripting (XSS) vulnerability. This flaw allows an attacker to inject malicious scripts into user sessions, potentially compromising user data and website integrity. It affects all versions starting from n/a up to 4.3, emphasizing the need for immediate updates and security measures to mitigate this risk.

Affected Version(s)

GD Mail Queue <= 4.3

References

https://patchstack.com/database/wordpress/plugin/gd-mail-...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jan 31, 2025
Vulnerability Reserved
Jan 23, 2025

Credit

João Pedro S Alcântara (Kinorth) (Patchstack Alliance)