CVE-2023-5958: POST SMTP Mailer < 2.7.1 - Unauthenticated Cross-site Scripting
First published: Mon Nov 27 2023(Updated: )
The POST SMTP Mailer WordPress plugin before 2.7.1 does not escape email message content before displaying it in the backend, allowing an unauthenticated attacker to perform XSS attacks against highly privileged users.
Credit: contact@wpscan.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Post SMTP | <2.7.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2023-5958?
CVE-2023-5958 is an unauthenticated cross-site scripting vulnerability found in the POST SMTP Mailer WordPress plugin before version 2.7.1.
What is the severity of CVE-2023-5958?
CVE-2023-5958 has a severity rating of medium with a CVSS score of 6.1.
Who is affected by CVE-2023-5958?
Users of the POST SMTP Mailer WordPress plugin versions prior to 2.7.1 are affected by CVE-2023-5958.
How can an attacker exploit CVE-2023-5958?
An unauthenticated attacker can exploit CVE-2023-5958 by performing cross-site scripting attacks against highly privileged users through the email message content in the plugin's backend.
Is there a fix available for CVE-2023-5958?
Yes, the fix for CVE-2023-5958 is to update the POST SMTP Mailer plugin to version 2.7.1 or later.
- agent/first-publish-date
- agent/type
- agent/references
- agent/weakness
- agent/severity
- agent/title
- agent/author
- agent/event
- collector/epss-latest
- source/FIRST
- agent/description
- agent/epss
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- collector/nvd-api
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- agent/source
- vendor/wpexperts
- canonical/post smtp