{"id":1746,"date":"2023-08-09T06:43:52","date_gmt":"2023-08-09T06:43:52","guid":{"rendered":"https:\/\/cert-mu.govmu.org\/cert-mu\/?page_id=1746"},"modified":"2023-08-09T07:03:24","modified_gmt":"2023-08-09T07:03:24","slug":"multiple-wordpress-plugins-vulnerabilities","status":"publish","type":"page","link":"https:\/\/cert-mu.govmu.org\/cert-mu\/?page_id=1746","title":{"rendered":"Multiple WordPress Plugins Vulnerabilities"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-page\" data-elementor-id=\"1746\" class=\"elementor elementor-1746\" data-elementor-post-type=\"page\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-166eefda ct-section-stretched elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"166eefda\" data-element_type=\"section\" data-settings=\"{&quot;background_background&quot;:&quot;classic&quot;}\">\n\t\t\t\t\t\t\t<div class=\"elementor-background-overlay\"><\/div>\n\t\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-50 elementor-top-column elementor-element elementor-element-314d1d\" data-id=\"314d1d\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap\">\n\t\t\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t<div class=\"elementor-column elementor-col-50 elementor-top-column elementor-element elementor-element-514ff558 elementor-hidden-tablet elementor-hidden-phone\" data-id=\"514ff558\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap\">\n\t\t\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-4e3e8fb elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"4e3e8fb\" data-element_type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container 
elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-93566b9\" data-id=\"93566b9\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-d08b013 elementor-widget elementor-widget-heading\" data-id=\"d08b013\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Multiple WordPress Plugins Vulnerabilities<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-7d0347e elementor-widget elementor-widget-text-editor\" data-id=\"7d0347e\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><strong>CERT-MU Vulnerability Note VN-2023-07<br \/><\/strong><br \/><strong>Date of Issue: 17.07.2023<\/strong><br \/><br \/><strong>Severity Rating: High<\/strong><br \/><br \/><strong>Affected Plugins:<\/strong><br \/>\u2022 WP Mail Logging Team WP Mail Logging plugin<br \/>\u2022 Post SMTP POST SMTP Mailer plugin<br \/>\u2022 FluentSMTP &amp; WPManageNinja Team FluentSMTP plugin<br \/>\u2022 YayCommerce YaySMTP plugin<br \/>\u2022 WPVibes WP Mail Log plugin<br \/>\u2022 James Ward WP Mail Catcher plugin<br \/><br \/><strong>Description<\/strong><br \/>These WordPress plugins are vulnerable to cross-site scripting, caused by improper<br \/>validation of user-supplied input. A remote attacker could exploit this vulnerability to inject<br \/>malicious script into a Web page which would be executed in a victim\u2019s Web browser within the<br \/>security context of the hosting Web site, once the page is viewed. 
An attacker could use this<br \/>vulnerability to steal the victim\u2019s cookie-based authentication credentials.<br \/><br \/><strong>Solution<\/strong><br \/>Users are advised to apply updates to address the vulnerabilities. Before applying the patch, please<br \/>visit the vendor website for more details:<br \/>\u2022\u00a0<a href=\"https:\/\/plugins.trac.wordpress.org\/changeset\/2924014\/wp-mail-catcher\">https:\/\/plugins.trac.wordpress.org\/changeset\/2924014\/wp-mail-catcher<\/a><br \/>\u2022\u00a0<a href=\"https:\/\/plugins.trac.wordpress.org\/changeset\/2923464\/wp-mail-logging\">https:\/\/plugins.trac.wordpress.org\/changeset\/2923464\/wp-mail-logging<\/a><br \/>\u2022\u00a0<a href=\"https:\/\/plugins.trac.wordpress.org\/changeset\/2925728\/wp-mail-logging\">https:\/\/plugins.trac.wordpress.org\/changeset\/2925728\/wp-mail-logging<\/a><br \/>\u2022\u00a0<a href=\"https:\/\/plugins.trac.wordpress.org\/changeset\/2935537\/post-smtp\">https:\/\/plugins.trac.wordpress.org\/changeset\/2935537\/post-smtp<\/a><br \/>\u2022\u00a0<a href=\"https:\/\/plugins.trac.wordpress.org\/changeset\/2935217\/fluentsmtp\/trunk\/app\/Models\/Logger.php\">https:\/\/plugins.trac.wordpress.org\/changeset\/2935217\/fluentsmtp\/trunk\/app\/Models\/Logger.php<\/a><br \/>\u2022\u00a0<a href=\"https:\/\/plugins.trac.wordpress.org\/changeset\/2935217\/fluentsmtp\/trunk\/app\/Services\/Mailer\/BaseHandler.php\">https:\/\/plugins.trac.wordpress.org\/changeset\/2935217\/fluentsmtp\/trunk\/app\/Services\/Mailer\/BaseHandler.php<\/a><br \/>\u2022\u00a0<a href=\"https:\/\/plugins.trac.wordpress.org\/changeset\/2931706\/wp-mail-log\">https:\/\/plugins.trac.wordpress.org\/changeset\/2931706\/wp-mail-log<\/a><br \/><br \/><strong>CVE Information<\/strong><br \/>\u2022\u00a0<a href=\"https:\/\/wordpress.org\/plugins\/wp-mail-catcher\/\">CVE-2023-3080 CVSS:7.2<\/a><br \/>\u2022\u00a0<a 
href=\"https:\/\/wordpress.org\/plugins\/wp-mail-logging\/\">CVE-2023-3081 CVSS:7.2<\/a><br \/>\u2022\u00a0<a href=\"https:\/\/wordpress.org\/plugins\/post-smtp\/\">CVE-2023-3082 CVSS:7.2<\/a><br \/>\u2022\u00a0<a href=\"https:\/\/wordpress.org\/plugins\/fluent-smtp\/\">CVE-2023-3087 CVSS:7.2<\/a><br \/>\u2022\u00a0<a href=\"https:\/\/wordpress.org\/plugins\/wp-mail-log\/\">CVE-2023-3088 CVSS:7.2<\/a><br \/>\u2022\u00a0<a href=\"https:\/\/wordpress.org\/plugins\/yaysmtp\/\">CVE-2023-3093 CVSS:7.2<\/a><br \/><br \/><strong>References<\/strong><br \/>\u2022\u00a0<a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2023-3080\">https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2023-3080<\/a><br \/>\u2022\u00a0<a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2023-3081\">https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2023-3081<\/a><br \/>\u2022\u00a0<a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2023-3082\">https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2023-3082<\/a><br \/>\u2022\u00a0<a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2023-3087\">https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2023-3087<\/a><br \/>\u2022\u00a0<a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2023-3088\">https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2023-3088<\/a><br \/>\u2022\u00a0<a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2023-3093\">https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2023-3093<\/a><br \/>\u2022\u00a0<a href=\"https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1525e1c9-4b94-4f9f-92c5-fc69fe000771?source=cve\">https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1525e1c9-4b94-4f9f-92c5-fc69fe000771?source=cve<\/a><br \/>\u2022\u00a0<a href=\"https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ef20b3e6-d8f4-458e-b604-b46ef16e229e?source=cve\">https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ef20b3e6-d8f4-458e-b604-b46ef16e229e?source=cve<\/a><br \/>\u2022\u00a0<a 
href=\"https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6ecd0fa6-4fdb-4780-9560-0bb126800685?source=cve\">https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6ecd0fa6-4fdb-4780-9560-0bb126800685?source=cve<\/a><br \/>\u2022\u00a0<a href=\"https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fa47a794-e5ce-491d-a10bc7c5718aa853?source=cve\">https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fa47a794-e5ce-491d-a10bc7c5718aa853?source=cve<\/a><br \/>\u2022\u00a0<a href=\"https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/86ee1acb-6f0c-40e6-80a0-fc93b61c1602?source=cve\">https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/86ee1acb-6f0c-40e6-80a0-fc93b61c1602?source=cve<\/a><br \/>\u2022\u00a0<a href=\"https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/68e6ec3a-c5fd-4f63-a9a0-2c9ddfb96e2e?source=cve\">https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/68e6ec3a-c5fd-4f63-a9a0-2c9ddfb96e2e?source=cve<\/a><br \/><br \/><strong>Report Cyber Incidents<\/strong><br \/>Report cyber security incidents on the Mauritian Cybercrime Online Reporting System (MAUCORS \u2013<br \/>http:\/\/maucors.govmu.org\/)<br \/><br \/><strong>Contact Information<\/strong><br \/><strong>Computer Emergency Response Team of Mauritius (CERT-MU)<br \/>Ministry of Information Technology, Communication and Innovation<\/strong><br \/>Tel: (+230) 4602600<br \/>Hotline No: (+230) 800 2378<br \/>Gen. Info. 
: contact@cert.govmu.org<br \/>Incident: incident@cert.govmu.org<br \/>Website: http:\/\/cert-mu.govmu.org<br \/>MAUCORS: http:\/\/maucors.govmu.org<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>Multiple WordPress Plugins Vulnerabilities CERT-MU Vulnerability Note VN-2023-07Date of Issue: 17.07.2023 Severity Rating: High Affected Plugins:\uf0b7 WP Mail Logging Team WP Mail Logging Team WP Mail Logging plugin\uf0b7 Post SMTP POST SMTP Mailer plugin\uf0b7 FluentSMTP &amp; WPManageNinja Team FluentSMTP plugin\uf0b7 YayCommerce YaySMTP plugin\uf0b7 WPVibes WP Mail Log plugin\uf0b7 James Ward WP Mail Catcher plugin DescriptionThese WordPress plugin for WordPress is vulnerable to cross-site scripting, caused by impropervalidation of user-supplied input. A remote attacker could exploit this vulnerability to injectmalicious script into a Web page which would be executed in a victim\u2019s Web browser within thesecurity context of the hosting Web\u2026<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"class_list":["post-1746","page","type-page","status-publish","hentry"],"blocksy_meta":{"page_title_panel":"","has_hero_section":"disabled","bc159c5af2a03de5c75561ba297140d8":"","hero_section":"type-1","hero_elements":[{"id":"custom_title","enabled":true,"heading_tag":"h1","title":"Home"},{"id":"custom_description","enabled":true,"description_visibility":{"desktop":true,"tablet":true,"mobile":false}},{"id":"custom_meta","enabled":false,"meta_elements":[{"id":"author","enabled":true,"label":"By","has_author_avatar":"yes","avatar_size":25},{"id":"post_date","enabled":true,"label":"On","date_format_source":"default","date_format":"M j, 
Y"},{"id":"comments","enabled":true}],"page_meta_elements":{"joined":true,"articles_count":true,"comments":true}},{"id":"breadcrumbs","enabled":false}],"df3eb590217e0ce26e832da2c07e7ca6":"","hero_alignment1":"left","hero_alignment2":"center","hero_vertical_alignment":"center","19d24a625abe62e6d16b259439e9cba0":"","hero_structure":"narrow","a3dd00aea12a8c52bdc0775015a386ce":"","page_title_bg_type":"featured_image","custom_hero_background":{"attachment_id":null},"parallax":{"desktop":false,"tablet":false,"mobile":false},"007fc1b0d7d7ea0d9823538a36652bf9":"","hero_height":"250px","pageTitleFont":{"family":"Default","variation":"Default","size":{"desktop":"32px","tablet":"30px","mobile":"25px"},"line-height":"CT_CSS_SKIP_RULE","letter-spacing":"CT_CSS_SKIP_RULE","text-transform":"CT_CSS_SKIP_RULE","text-decoration":"CT_CSS_SKIP_RULE"},"pageTitleFontColor":{"default":{"color":"CT_CSS_SKIP_RULEDEFAULT"}},"pageMetaFont":{"family":"Default","variation":"n6","size":"12px","line-height":"1.3","letter-spacing":"CT_CSS_SKIP_RULE","text-transform":"uppercase","text-decoration":"CT_CSS_SKIP_RULE"},"pageMetaFontColor":{"default":{"color":"CT_CSS_SKIP_RULEDEFAULT"},"hover":{"color":"CT_CSS_SKIP_RULEDEFAULT"}},"pageExcerptFont":{"family":"Default","variation":"Default","size":"CT_CSS_SKIP_RULE","line-height":"CT_CSS_SKIP_RULE","letter-spacing":"CT_CSS_SKIP_RULE","text-transform":"CT_CSS_SKIP_RULE","text-decoration":"CT_CSS_SKIP_RULE"},"pageExcerptColor":{"default":{"color":"CT_CSS_SKIP_RULEDEFAULT"}},"breadcrumbsFont":{"family":"Default","variation":"n6","size":"12px","line-height":"CT_CSS_SKIP_RULE","letter-spacing":"CT_CSS_SKIP_RULE","text-transform":"uppercase","text-decoration":"CT_CSS_SKIP_RULE"},"breadcrumbsFontColor":{"default":{"color":"CT_CSS_SKIP_RULEDEFAULT"},"initial":{"color":"CT_CSS_SKIP_RULEDEFAULT"},"hover":{"color":"CT_CSS_SKIP_RULEDEFAULT"}},"pageTitleOverlay":{"default":{"color":"rgba(41, 51, 60, 
0.2)"}},"pageTitleBackground":{"background_type":"color","background_pattern":"type-1","background_image":{"attachment_id":null,"x":0,"y":0},"background_repeat":"no-repeat","background_size":"auto","background_attachment":"scroll","patternColor":{"default":{"color":"#e5e7ea"}},"backgroundColor":{"default":{"color":"#EDEFF2"}}},"806cf646dc975203c3ef573b498d2a6c":"","page_structure_type":"default","content_style":"inherit","vertical_spacing_source":"custom","content_area_spacing":"none","background":{"background_type":"color","background_pattern":"type-1","background_image":{"attachment_id":null,"x":0,"y":0},"background_repeat":"no-repeat","background_size":"auto","background_attachment":"scroll","patternColor":{"default":{"color":"#e5e7ea"}},"backgroundColor":{"default":{"color":"CT_CSS_SKIP_RULE"}}},"content_background":{"background_type":"color","background_pattern":"type-1","background_image":{"attachment_id":null,"x":0,"y":0},"background_repeat":"no-repeat","background_size":"auto","background_attachment":"scroll","patternColor":{"default":{"color":"#e5e7ea"}},"backgroundColor":{"default":{"color":"#ffffff"}}},"content_boxed_spacing":{"desktop":"40px","tablet":"35px","mobile":"20px"},"content_boxed_radius":{"top":"3px","bottom":"3px","left":"3px","right":"3px","linked":true},"content_boxed_shadow":{"blur":18,"spread":-6,"v_offset":12,"h_offset":0,"inset":false,"enable":true,"color":{"color":"rgba(34, 56, 101, 
0.04)"}},"19c6ff9349ac0932d7247f0e755658ea":"","disable_featured_image":"no","disable_header":"no","disable_footer":"no","styles_descriptor":{"styles":{"desktop":"","tablet":"","mobile":""},"google_fonts":[]}},"_links":{"self":[{"href":"https:\/\/cert-mu.govmu.org\/cert-mu\/index.php?rest_route=\/wp\/v2\/pages\/1746","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cert-mu.govmu.org\/cert-mu\/index.php?rest_route=\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/cert-mu.govmu.org\/cert-mu\/index.php?rest_route=\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/cert-mu.govmu.org\/cert-mu\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/cert-mu.govmu.org\/cert-mu\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1746"}],"version-history":[{"count":4,"href":"https:\/\/cert-mu.govmu.org\/cert-mu\/index.php?rest_route=\/wp\/v2\/pages\/1746\/revisions"}],"predecessor-version":[{"id":1780,"href":"https:\/\/cert-mu.govmu.org\/cert-mu\/index.php?rest_route=\/wp\/v2\/pages\/1746\/revisions\/1780"}],"wp:attachment":[{"href":"https:\/\/cert-mu.govmu.org\/cert-mu\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1746"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}