← back
CVE-2023-5958

POST SMTP Mailer < 2.7.1 - Unauthenticated Cross-site Scripting

EPSS 0.5%
Vexday Risk Score
3Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS EPSS 0.5%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
27 Nov 2023Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
The POST SMTP Mailer WordPress plugin before 2.7.1 does not escape email message content before displaying it in the backend, allowing an unauthenticated attacker to perform XSS attacks against highly privileged users.