CVE-2017-5942
WP Mail <= 1.1 - Reflected Cross-Site Scripting
Public Exploits: 1
Exploited in Wild: -
Descriptions
An issue was discovered in the WP Mail plugin before 1.2 for WordPress. The replyto parameter when composing a mail allows for a reflected XSS. This would allow you to execute JavaScript in the context of the user receiving the mail.
An issue was discovered in the WP Mail plugin through version 1.1 for WordPress. The replyto parameter when composing a mail allows for a reflected XSS. This would allow you to execute JavaScript in the context of the user receiving the mail.
Timeline
- 2016-07-23 CVE Published
- 2017-02-09 CVE Reserved
- 2023-03-07 EPSS Updated
- 2024-08-05 CVE Updated
- 2024-08-05 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
References (2)
URL | Tag | Source |
---|---|---|
http://www.securityfocus.com/bid/96211 | Third Party Advisory | |

URL | Date | SRC |
---|---|---|
https://cjc.im/advisories/0006 | 2024-08-05 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Wp Mail Project | Wp Mail | <= 1.1 | wordpress | Affected |