Published: 02/01/2020 Updated: 20/01/2023

CVSS v2 Base Score: 3.5 | Impact Score: 2.9 | Exploitability Score: 6.8

CVSS v3 Base Score: 5.4 | Impact Score: 2.7 | Exploitability Score: 2.3

VMScore: 312

Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N

The Postie plugin 1.9.40 for WordPress allows XSS, as demonstrated by a certain payload with jaVasCript:/* at the beginning and a crafted SVG element.

Vulnerable Product	Search on Vulmon	Subscribe to Product
postieplugin postie

WordPress Postie plugin versions 1940 and below suffer from a persistent cross site scripting vulnerability ...

This PoC describe how to exploit Postie WordPress plugin v1.9.40

Exploiting Postie WordPress Plugin This PoC describe how to exploit Postie WordPress plugin <v1940 I will describe two ways to explore the Postie v1940 plugin for WordPress: Spoofing valid user for post submission // I published this CVE-2019-20203 XSS with JavaScript Polyglot // I published this CVE-2019-20204 About Postie WordPress plugin Postie allows you to cr

CWE-79 https://wordpress.org/plugins/postie/#developers https://postieplugin.com/https://github.com/V1n1v131r4/Exploiting-Postie-WordPress-Plugin-/blob/master/README.md https://wpvulndb.com/vulnerabilities/10002 http://packetstormsecurity.com/files/155973/WordPress-Postie-1.9.40-Cross-Site-Scripting.html https://nvd.nist.gov https://github.com/V1n1v131r4/Exploiting-Postie-WordPress-Plugin-https://packetstormsecurity.com/files/155973/WordPress-Postie-1.9.40-Cross-Site-Scripting.html

CVE-2019-20204

Vulnerability Summary

Vulnerability Trend

Exploits

Github Repositories

References

Vulmon Search

About

Products

Connect