Vulnerabilites related to automattic - mailpoet
Vulnerability from fkie_nvd
Published
2020-06-02 17:15
Modified
2025-05-28 14:29
Severity ?
Summary
The MailPoet plugin before 3.23.2 for WordPress allows remote attackers to inject arbitrary web script or HTML using extra parameters in the URL (Reflective Server-Side XSS).
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/mailpoet/mailpoet/releases/tag/3.23.2 | Release Notes, Third Party Advisory | |
| cve@mitre.org | https://pluginarchive.com/wordpress/mailpoet/v/3-23-2 | Release Notes, Third Party Advisory | |
| cve@mitre.org | https://wordpress.org/plugins/mailpoet/#developers | Release Notes, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/mailpoet/mailpoet/releases/tag/3.23.2 | Release Notes, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://pluginarchive.com/wordpress/mailpoet/v/3-23-2 | Release Notes, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://wordpress.org/plugins/mailpoet/#developers | Release Notes, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| automattic | mailpoet | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:automattic:mailpoet:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "F42ECFD9-8063-44B5-859E-FD478ACDA8FD",
"versionEndExcluding": "3.23.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The MailPoet plugin before 3.23.2 for WordPress allows remote attackers to inject arbitrary web script or HTML using extra parameters in the URL (Reflective Server-Side XSS)."
},
{
"lang": "es",
"value": "El plugin MailPoet versiones anteriores a 3.23.2 para WordPress, permite a atacantes remotos inyectar script web o HTML arbitrario usando par\u00e1metros extra en la URL (un XSS Server-Side Reflexivo)."
}
],
"id": "CVE-2019-11843",
"lastModified": "2025-05-28T14:29:39.447",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-06-02T17:15:11.627",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/mailpoet/mailpoet/releases/tag/3.23.2"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://pluginarchive.com/wordpress/mailpoet/v/3-23-2"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://wordpress.org/plugins/mailpoet/#developers"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/mailpoet/mailpoet/releases/tag/3.23.2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://pluginarchive.com/wordpress/mailpoet/v/3-23-2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://wordpress.org/plugins/mailpoet/#developers"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-11-19 06:15
Modified
2025-06-12 17:01
Severity ?
Summary
In the process of testing the MailPoet WordPress plugin before 5.3.2, a vulnerability was found that allows you to implement Stored XSS on behalf of the editor by embedding malicious script, which entails account takeover backdoor
References
| ▼ | URL | Tags | |
|---|---|---|---|
| contact@wpscan.com | https://wpscan.com/vulnerability/89660883-5f34-426a-ad06-741c0c213ecc/ | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| automattic | mailpoet | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:automattic:mailpoet:*:*:*:*:free:wordpress:*:*",
"matchCriteriaId": "CEA42F06-F491-4B16-A25C-C2E59145711E",
"versionEndExcluding": "5.3.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the process of testing the MailPoet WordPress plugin before 5.3.2, a vulnerability was found that allows you to implement Stored XSS on behalf of the editor by embedding malicious script, which entails account takeover backdoor"
},
{
"lang": "es",
"value": "En el proceso de prueba del complemento MailPoet para WordPress anterior a la versi\u00f3n 5.3.2, se encontr\u00f3 una vulnerabilidad que permite implementar XSS almacenado en nombre del editor mediante la incorporaci\u00f3n de un script malicioso, lo que implica una puerta trasera de apropiaci\u00f3n de cuentas."
}
],
"id": "CVE-2024-10103",
"lastModified": "2025-06-12T17:01:45.550",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-11-19T06:15:17.740",
"references": [
{
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://wpscan.com/vulnerability/89660883-5f34-426a-ad06-741c0c213ecc/"
}
],
"sourceIdentifier": "contact@wpscan.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-05-15 20:15
Modified
2025-06-10 11:53
Severity ?
Summary
The MailPoet WordPress plugin before 5.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
References
| ▼ | URL | Tags | |
|---|---|---|---|
| contact@wpscan.com | https://wpscan.com/vulnerability/7945f52d-364d-438c-84f2-cf19b4250056/ | Exploit, Third Party Advisory | |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | https://wpscan.com/vulnerability/7945f52d-364d-438c-84f2-cf19b4250056/ | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| automattic | mailpoet | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:automattic:mailpoet:*:*:*:*:free:wordpress:*:*",
"matchCriteriaId": "FCB5746F-F16A-4FBA-9625-D409712BF6A2",
"versionEndExcluding": "5.5.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The MailPoet WordPress plugin before 5.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)."
},
{
"lang": "es",
"value": "El complemento MailPoet para WordPress anterior a la versi\u00f3n 5.5.2 no depura ni escapa de algunas de sus configuraciones, lo que podr\u00eda permitir a usuarios con privilegios elevados como el administrador realizar ataques de Cross-Site Scripting almacenado incluso cuando la capacidad unfiltered_html no est\u00e1 permitida (por ejemplo, en una configuraci\u00f3n de varios sitios)."
}
],
"id": "CVE-2024-12743",
"lastModified": "2025-06-10T11:53:54.447",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2025-05-15T20:15:37.003",
"references": [
{
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://wpscan.com/vulnerability/7945f52d-364d-438c-84f2-cf19b4250056/"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://wpscan.com/vulnerability/7945f52d-364d-438c-84f2-cf19b4250056/"
}
],
"sourceIdentifier": "contact@wpscan.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2019-11843 (GCVE-0-2019-11843)
Vulnerability from cvelistv5
Published
2020-06-02 16:45
Modified
2024-08-04 23:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The MailPoet plugin before 3.23.2 for WordPress allows remote attackers to inject arbitrary web script or HTML using extra parameters in the URL (Reflective Server-Side XSS).
References
| ▼ | URL | Tags |
|---|---|---|
| https://wordpress.org/plugins/mailpoet/#developers | x_refsource_MISC | |
| https://github.com/mailpoet/mailpoet/releases/tag/3.23.2 | x_refsource_MISC | |
| https://pluginarchive.com/wordpress/mailpoet/v/3-23-2 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:03:32.884Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wordpress.org/plugins/mailpoet/#developers"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/mailpoet/mailpoet/releases/tag/3.23.2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://pluginarchive.com/wordpress/mailpoet/v/3-23-2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The MailPoet plugin before 3.23.2 for WordPress allows remote attackers to inject arbitrary web script or HTML using extra parameters in the URL (Reflective Server-Side XSS)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-02T16:45:17",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wordpress.org/plugins/mailpoet/#developers"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/mailpoet/mailpoet/releases/tag/3.23.2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://pluginarchive.com/wordpress/mailpoet/v/3-23-2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-11843",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The MailPoet plugin before 3.23.2 for WordPress allows remote attackers to inject arbitrary web script or HTML using extra parameters in the URL (Reflective Server-Side XSS)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wordpress.org/plugins/mailpoet/#developers",
"refsource": "MISC",
"url": "https://wordpress.org/plugins/mailpoet/#developers"
},
{
"name": "https://github.com/mailpoet/mailpoet/releases/tag/3.23.2",
"refsource": "MISC",
"url": "https://github.com/mailpoet/mailpoet/releases/tag/3.23.2"
},
{
"name": "https://pluginarchive.com/wordpress/mailpoet/v/3-23-2",
"refsource": "MISC",
"url": "https://pluginarchive.com/wordpress/mailpoet/v/3-23-2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-11843",
"datePublished": "2020-06-02T16:45:17",
"dateReserved": "2019-05-09T00:00:00",
"dateUpdated": "2024-08-04T23:03:32.884Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-10103 (GCVE-0-2024-10103)
Vulnerability from cvelistv5
Published
2024-11-19 06:00
Modified
2024-11-19 14:19
Severity ?
VLAI Severity ?
EPSS score ?
Summary
In the process of testing the MailPoet WordPress plugin before 5.3.2, a vulnerability was found that allows you to implement Stored XSS on behalf of the editor by embedding malicious script, which entails account takeover backdoor
References
| ▼ | URL | Tags |
|---|---|---|
| https://wpscan.com/vulnerability/89660883-5f34-426a-ad06-741c0c213ecc/ | exploit, vdb-entry, technical-description |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:mailpoet:mailpoet:*:*:*:*:*:wordpress:*:*"
],
"defaultStatus": "unknown",
"product": "mailpoet",
"vendor": "mailpoet",
"versions": [
{
"lessThan": "5.3.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-10103",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-19T14:16:35.078556Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-19T14:19:15.314Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MailPoet",
"vendor": "Unknown",
"versions": [
{
"lessThan": "5.3.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Dmitrii Ignatyev"
},
{
"lang": "en",
"type": "coordinator",
"value": "WPScan"
}
],
"descriptions": [
{
"lang": "en",
"value": "In the process of testing the MailPoet WordPress plugin before 5.3.2, a vulnerability was found that allows you to implement Stored XSS on behalf of the editor by embedding malicious script, which entails account takeover backdoor"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-79 Cross-Site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-19T06:00:02.348Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description"
],
"url": "https://wpscan.com/vulnerability/89660883-5f34-426a-ad06-741c0c213ecc/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "MailPoet \u003c 5.3.2 - Admin+ Stored XSS",
"x_generator": {
"engine": "WPScan CVE Generator"
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2024-10103",
"datePublished": "2024-11-19T06:00:02.348Z",
"dateReserved": "2024-10-17T18:11:32.210Z",
"dateUpdated": "2024-11-19T14:19:15.314Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-12743 (GCVE-0-2024-12743)
Vulnerability from cvelistv5
Published
2025-05-15 20:06
Modified
2025-05-20 19:30
Severity ?
VLAI Severity ?
EPSS score ?
Summary
The MailPoet WordPress plugin before 5.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
References
| ▼ | URL | Tags |
|---|---|---|
| https://wpscan.com/vulnerability/7945f52d-364d-438c-84f2-cf19b4250056/ | exploit, vdb-entry, technical-description |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-12743",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-20T18:52:33.758361Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-20T19:30:43.953Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://wpscan.com/vulnerability/7945f52d-364d-438c-84f2-cf19b4250056/"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MailPoet",
"vendor": "Unknown",
"versions": [
{
"lessThan": "5.5.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Dmitrii Ingatyev"
},
{
"lang": "en",
"type": "coordinator",
"value": "WPScan"
}
],
"descriptions": [
{
"lang": "en",
"value": "The MailPoet WordPress plugin before 5.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-79 Cross-Site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-15T20:06:55.990Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description"
],
"url": "https://wpscan.com/vulnerability/7945f52d-364d-438c-84f2-cf19b4250056/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "MailPoet \u003c 5.5.2 - Admin+ Stored XSS",
"x_generator": {
"engine": "WPScan CVE Generator"
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2024-12743",
"datePublished": "2025-05-15T20:06:55.990Z",
"dateReserved": "2024-12-17T21:04:13.572Z",
"dateUpdated": "2025-05-20T19:30:43.953Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}