CVE-2023-5958

  1. Yack CVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-5958

6.1 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

T

he POST SMTP Mailer WordPress plugin before 2.7.1 does not escape email message content before displaying it in the backend, allowing an unauthenticated attacker to perform XSS attacks against highly privileged users.

References
Link Resource
https://wpscan.com/vulnerability/22fa478d-e42e-488d-9b4b-a8720dec7cee Exploit Third Party Advisory
https://wpscan.com/vulnerability/22fa478d-e42e-488d-9b4b-a8720dec7cee Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:wpexperts:post_smtp:*:*:*:*:*:wordpress:*:*
History

04 Jun 2025, 15:05

Type Values Removed Values Added
CPE cpe:2.3:a:wpexperts:post_smtp_mailer:*:*:*:*:*:wordpress:*:* cpe:2.3:a:wpexperts:post_smtp:*:*:*:*:*:wordpress:*:*
First Time Wpexperts post Smtp

21 Nov 2024, 08:42

Type Values Removed Values Added
References () https://wpscan.com/vulnerability/22fa478d-e42e-488d-9b4b-a8720dec7cee - Exploit, Third Party Advisory () https://wpscan.com/vulnerability/22fa478d-e42e-488d-9b4b-a8720dec7cee - Exploit, Third Party Advisory
Information

Published : 2023-11-27 17:15

Updated : 2025-06-04 15:05

NVD link : CVE-2023-5958

Mitre link : CVE-2023-5958

CVE.ORG link : CVE-2023-5958

JSON object : View

Products Affected

wpexperts

CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')