CVE-2023-3082: XSS
First published: Wed Jul 12 2023(Updated: )
The Post SMTP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via email contents in versions up to, and including, 2.5.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Credit: security@wordfence.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Post SMTP | <2.5.8 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2023-3082?
CVE-2023-3082 is a vulnerability in the Post SMTP plugin for WordPress that allows unauthenticated attackers to inject arbitrary web scripts via email contents.
How does CVE-2023-3082 impact WordPress?
CVE-2023-3082 can be exploited to execute malicious scripts on WordPress pages.
What is the severity of CVE-2023-3082?
CVE-2023-3082 has a severity rating of high, with a CVSS score of 6.1.
How can I fix CVE-2023-3082?
To fix CVE-2023-3082, update the Post SMTP plugin for WordPress to version 2.5.8 or above.
Where can I find more information about CVE-2023-3082?
You can find more information about CVE-2023-3082 in the official WordPress plugin repository and on the Wordfence website.
- agent/author
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/remedy
- agent/severity
- agent/last-modified-date
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-api
- collector/nvd-latest
- agent/softwarecombine
- vendor/wpexperts
- canonical/post smtp