Vulnerability Details CVE-2017-18603
The postman-smtp plugin through 2017-10-04 for WordPress has XSS via the wp-admin/tools.php?page=postman_email_log page parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 43.7%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
References
- https://wordpress.org/plugins/postman-smtp/#developers
- https://www.pluginvulnerabilities.com/2017/06/29/reflected-cross-site-scripting-xss-vulnerability-in-postman-smtp/
- https://wordpress.org/plugins/postman-smtp/#developers
- https://www.pluginvulnerabilities.com/2017/06/29/reflected-cross-site-scripting-xss-vulnerability-in-postman-smtp/
Products affected by CVE-2017-18603
-
cpe:2.3:a:postman-smtp_project:postman-smtp:-
-
cpe:2.3:a:postman-smtp_project:postman-smtp:2017-10-04