CVE-2012-2579

WP SimpleMail 1.0.6 - Cross-Site Scripting via Email Fields

Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-2579. PoCs published by loneferret.

AI-analyzed exploit summary: This exploit demonstrates a stored XSS vulnerability in WP SimpleMail 1.0.6 by injecting malicious JavaScript payloads into email fields (To, From, Date, Subject). The PoC sends an email with an XSS payload via SMTP, exploiting insufficient input sanitization.

Description

Multiple cross-site scripting (XSS) vulnerabilities in the WP SimpleMail plugin 1.0.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) To, (2) From, (3) Date, or (4) Subject field of an email.

Exploits (1)

exploitdb WORKING POC VERIFIED
by loneferret · python · webapps · php
https://www.exploit-db.com/exploits/20361

Classification: Working PoC 95%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: WP SimpleMail 1.0.6 (WordPress Plugin)
Auth required
Prerequisites: SMTP server access · Valid credentials for SMTP authentication · WP SimpleMail plugin installed and configured
devstral-2 · analyzed Feb 16, 2026

References (5)

Core References
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/54905
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/50208
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/77538
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/20361
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/84534

Scores

EPSS 0.0375
EPSS Percentile 88.5%

Details

CWE
CWE-79
Status published
Products (1)
wp_simplemail_project/wp_simplemail 1.0.6
Published Jun 20, 2014
Tracked Since Feb 18, 2026