The plugin does not sanitize or escape logged email content, so it is vulnerable to stored cross-site scripting (XSS) when an administrator views the email logs. Exploitation requires another plugin that lets users send emails containing unfiltered HTML.
XSS Payload :

Steps to reproduce:

1. Install the subscribe2 plugin (https://wordpress.org/plugins/subscribe2/).
2. Install FluentSMTP.
3. Configure FluentSMTP to use a custom SMTP server (for testing, use Mailtrap).
4. As another user (needs the Author role or higher), send an email through the subscribe2 plugin with the XSS payload as the email content.
5. View the logs and click the preview icon to trigger the XSS.
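As an added example (not FluentSMTP's or WordPress's own code), the unsafe rendering pattern the advisory describes beside an allowlist sanitizer that an admin-side log preview could apply at output time; the sample email body is constructed, and DOMDocument stands in for WordPress's wp_kses so the code runs without WordPress.

```php
<?php
// Added example, not FluentSMTP's or WordPress's own code: the stored body
// echoed into the admin log preview next to an allowlist sanitizer applied at
// output time. Inside WordPress the equivalent call is wp_kses($body, $allowed).

// Constructed sample body, as an Author+ user could submit through another
// plugin that passes unfiltered HTML into the mail pipeline.
const SAMPLE_BODY = '<p>Hello <b>team</b></p>'
    . '<img src="x" onerror="alert(1)">'
    . '<a href="javascript:alert(2)">bad link</a>'
    . '<script>alert(3)</script><a href="https://example.test/">ok link</a>';

// Unsafe: the stored body is concatenated into page HTML unchanged, so any
// script or event handler in it runs in the administrator's session.
function render_preview_vulnerable(string $body): string {
    return '<div class="preview">' . $body . '</div>';
}

// Allowlist sanitizer: keep a few formatting tags and an http(s) href. Every
// other element is dropped with its content (<script>, <img>, <iframe>, ...)
// and every other attribute is removed, so no on* handler survives.
function sanitize_email_html(string $html): string {
    $allowed = ['p' => [], 'br' => [], 'b' => [], 'i' => [], 'a' => ['href']];
    $doc = new DOMDocument();
    libxml_use_internal_errors(true); // tolerate sloppy markup in the fragment
    $doc->loadHTML('<?xml encoding="UTF-8"><body>' . $html . '</body>');
    libxml_clear_errors();
    $root = $doc->getElementsByTagName('body')->item(0);
    $walk = function (DOMNode $node) use (&$walk, $allowed): void {
        foreach (iterator_to_array($node->childNodes) as $child) { // snapshot: loop removes nodes
            if (!$child instanceof DOMElement) { continue; } // text nodes stay text
            $tag = strtolower($child->tagName);
            if (!isset($allowed[$tag])) { $node->removeChild($child); continue; }
            foreach (iterator_to_array($child->attributes) as $attr) {
                $name = strtolower($attr->name);
                $keep = in_array($name, $allowed[$tag], true)
                    && ($name !== 'href' || preg_match('#^https?://#i', $attr->value));
                if (!$keep) { $child->removeAttribute($attr->name); }
            }
            $walk($child);
        }
    };
    $walk($root);
    return implode('', array_map(fn ($c) => $doc->saveHTML($c), iterator_to_array($root->childNodes)));
}

// Safe preview: sanitize where the body is rendered, not only where it is stored.
function render_preview_sanitized(string $body): string {
    return '<div class="preview">' . sanitize_email_html($body) . '</div>';
}
```

Text nodes are passed through unchanged and saveHTML entity-encodes them, so a literal `<` inside the body text cannot open a tag in the preview.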
CPE

Name | Operator | Version
---|---|---
fluent-smtp | lt | 2.2.3