Postie <= 1.9.40 - Post Submission Spoofing & Stored XSS
"The Postie plugin for WordPress only allows posting of articles submitted by authorized users through a mailing list registered in the plugin settings. However through the email sender's spoofing technique, it was possible to bypass the plugin settings and publish a post as having been sent by a valid user." This could be used to create a post with an XSS payload.
no known fix
|Publicly Published||2020-01-02 (6 months ago)|
|Added||2020-01-03 (6 months ago)|
|Last Updated||2020-01-04 (6 months ago)|
Our Other Services
|Online WordPress Vulnerability Scanner||WPScan WordPress Security Plugin|