CVE-2017-5942

MEDIUM

WP Mail < 1.1 - XSS

Title source: rule

Description

An issue was discovered in the WP Mail plugin before 1.2 for WordPress. The replyto parameter when composing a mail allows for a reflected XSS. This would allow you to execute JavaScript in the context of the user receiving the mail.

References (2)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/96211

[Exploit, Third Party Advisory] https://cjc.im/advisories/0006/

Scores

CVSS v3 6.1

EPSS 0.0019

EPSS Percentile 41.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Classification

CWE

CWE-79

Status published

Affected Products (2)

wp_mail_project/wp_mail < 1.1

n/a/n/a

Timeline

Published Feb 10, 2017

Tracked Since Feb 18, 2026