CVE-2019-11843

Published June 2nd, 2020

View on NVD ↗

CVSS v3

6.1

MEDIUM

CVSS v2

4.3

MEDIUM

Affected

PROJECT

Description

The MailPoet plugin before 3.23.2 for WordPress allows remote attackers to inject arbitrary web script or HTML using extra parameters in the URL (Reflective Server-Side XSS).

mailpoet/mailpoet

A free newsletter plugin for WordPress

GitHub

157