Lucene search
WpvulndbWPVDB-ID:86C1E804-E0E1-4793-8BC8-3BAAAB0197C5HistoryJan 02, 2020 - 12:00 a.m.
Postie <= 1.9.40 - Post Submission Spoofing & Stored XSS
2020-01-0200:00:00
wpscan.com
13
0.009 Low
EPSS
Percentile
82.7%
“The Postie plugin for WordPress only allows posting of articles submitted by authorized users through a mailing list registered in the plugin settings. However through the email sender’s spoofing technique, it was possible to bypass the plugin settings and publish a post as having been sent by a valid user.” This could be used to create a post with an XSS payload.
Related
exploitpack
exploitpack
WordPress Plugin Postie 1.9.40 - Persistent Cross-Site Scripting
2020-01-16 00:00:00
packetstorm
packetstorm
WordPress Postie 1.9.40 Cross Site Scripting
2020-01-15 00:00:00
exploitdb
exploitdb
WordPress Plugin Postie 1.9.40 - Persistent Cross-Site Scripting
2020-01-16 00:00:00
nvd
nvd
CVE-2019-20204
2020-01-02 14:16:36
CVE-2019-20203
2020-01-02 14:16:35
cve
cve
CVE-2019-20204
2020-01-02 14:16:36
CVE-2019-20203
2020-01-02 14:16:35
zdt
zdt
WordPress Postie 1.9.40 Plugin - Persistent Cross-Site Scripting Exploit
2020-01-16 00:00:00
prion
prion
Design/Logic Flaw
2020-01-02 14:16:00
Code injection
2020-01-02 14:16:00
cvelist
cvelist
CVE-2019-20204
2020-01-01 21:59:58
CVE-2019-20203
2020-01-01 21:59:46