Overview
- Description
- The Bounce Handler MailPoet 3 plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.3.21 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
- Source
- security@wordfence.com
- NVD status
- Received
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 6.1
- Impact score
- 2.7
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
- Severity
- MEDIUM
Weaknesses
- security@wordfence.com
- CWE-79
Social media
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
1
CVE-2024-9938 Reflected XSS Vulnerability in MailPoet 3 Plugin for WordPress The Bounce Handler MailPoet 3 plugin for WordPress has a Reflected Cross-Site Scripting (XSS) vulnerability. This affects all versions ... https://t.co/mtUmWG3Iej
@VulmonFeeds
16 Nov 2024
53 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-9938 The Bounce Handler MailPoet 3 plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.3.21… https://t.co/x6eCVMvOCZ
@CVEnew
16 Nov 2024
393 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes