CVE-2019-20203

Published: 02/01/2020 Updated: 24/08/2020
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 5.3 | Impact Score: 1.4 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Vulnerability Summary

The Authorized Addresses feature in the Postie plugin 1.9.40 for WordPress allows remote malicious users to publish posts by spoofing the From information of an email message.

Vulnerable Product

postieplugin postie

Exploits

WordPress Postie plugin versions 1.9.40 and below suffer from a persistent cross site scripting vulnerability ...

Github Repositories

This PoC describes how to exploit Postie WordPress plugin v1.9.40

Exploiting Postie WordPress Plugin

This PoC describes how to exploit Postie WordPress plugin <v1.9.40

I will describe two ways to explore the Postie v1.9.40 plugin for WordPress:

- Spoofing valid user for post submission // I published this CVE-2019-20203
- XSS with JavaScript Polyglot // I published this CVE-2019-20204

About Postie WordPress plugin

Postie allows you to cr