{"id":1262,"date":"2023-07-24T10:57:42","date_gmt":"2023-07-24T10:57:42","guid":{"rendered":"https:\/\/cert-mu.govmu.org\/cert-mu\/?p=1262"},"modified":"2023-07-24T17:36:20","modified_gmt":"2023-07-24T17:36:20","slug":"multiple-wordpress-plugins-vulnerabilities","status":"publish","type":"post","link":"https:\/\/cert-mu.govmu.org\/cert-mu\/?p=1262","title":{"rendered":"Multiple WordPress Plugins Vulnerabilities"},"content":{"rendered":"\n<p><strong>CERT-MU Vulnerability Note VN-2023-07<br><\/strong><br><strong>Date of Issue: 17.07.2023<\/strong><br><br><strong>Severity Rating: High<\/strong><br><br><strong>Affected Plugins:<\/strong><br>&#8226; WP Mail Logging Team WP Mail Logging plugin<br>&#8226; Post SMTP POST SMTP Mailer plugin<br>&#8226; FluentSMTP &amp; WPManageNinja Team FluentSMTP plugin<br>&#8226; YayCommerce YaySMTP plugin<br>&#8226; WPVibes WP Mail Log plugin<br>&#8226; James Ward WP Mail Catcher plugin<br><br><strong>Description<\/strong><br>These WordPress plugins are vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim&#8217;s Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim&#8217;s cookie-based authentication credentials.<br><br><strong>Solution<\/strong><br>Users are advised to apply updates to address the vulnerabilities. 
Before applying the patch, please visit the vendor website for more details:<br>&#8226; <a href=\"https:\/\/plugins.trac.wordpress.org\/changeset\/2924014\/wp-mail-catcher\">https:\/\/plugins.trac.wordpress.org\/changeset\/2924014\/wp-mail-catcher<\/a><br>&#8226; <a href=\"https:\/\/plugins.trac.wordpress.org\/changeset\/2923464\/wp-mail-logging\">https:\/\/plugins.trac.wordpress.org\/changeset\/2923464\/wp-mail-logging<\/a><br>&#8226; <a href=\"https:\/\/plugins.trac.wordpress.org\/changeset\/2925728\/wp-mail-logging\">https:\/\/plugins.trac.wordpress.org\/changeset\/2925728\/wp-mail-logging<\/a><br>&#8226; <a href=\"https:\/\/plugins.trac.wordpress.org\/changeset\/2935537\/post-smtp\">https:\/\/plugins.trac.wordpress.org\/changeset\/2935537\/post-smtp<\/a><br>&#8226; <a href=\"https:\/\/plugins.trac.wordpress.org\/changeset\/2935217\/fluentsmtp\/trunk\/app\/Models\/Logger.php\">https:\/\/plugins.trac.wordpress.org\/changeset\/2935217\/fluentsmtp\/trunk\/app\/Models\/Logger.php<\/a><br>&#8226; <a href=\"https:\/\/plugins.trac.wordpress.org\/changeset\/2935217\/fluentsmtp\/trunk\/app\/Services\/Mailer\/BaseHandler.php\">https:\/\/plugins.trac.wordpress.org\/changeset\/2935217\/fluentsmtp\/trunk\/app\/Services\/Mailer\/BaseHandler.php<\/a><br>&#8226; <a href=\"https:\/\/plugins.trac.wordpress.org\/changeset\/2931706\/wp-mail-log\">https:\/\/plugins.trac.wordpress.org\/changeset\/2931706\/wp-mail-log<\/a><br><br><strong>CVE Information<\/strong><br>&#8226; <a href=\"https:\/\/wordpress.org\/plugins\/wp-mail-catcher\/\">CVE-2023-3080 CVSS:7.2<\/a><br>&#8226; <a href=\"https:\/\/wordpress.org\/plugins\/wp-mail-logging\/\">CVE-2023-3081 CVSS:7.2<\/a><br>&#8226; <a href=\"https:\/\/wordpress.org\/plugins\/post-smtp\/\">CVE-2023-3082 CVSS:7.2<\/a><br>&#8226; <a href=\"https:\/\/wordpress.org\/plugins\/fluent-smtp\/\">CVE-2023-3087 CVSS:7.2<\/a><br>&#8226; <a 
href=\"https:\/\/wordpress.org\/plugins\/wp-mail-log\/\">CVE-2023-3088 CVSS:7.2<\/a><br>&#8226; <a href=\"https:\/\/wordpress.org\/plugins\/yaysmtp\/\">CVE-2023-3093 CVSS:7.2<\/a><br><br><strong>References<\/strong><br>&#8226; <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2023-3080\">https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2023-3080<\/a><br>&#8226; <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2023-3081\">https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2023-3081<\/a><br>&#8226; <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2023-3082\">https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2023-3082<\/a><br>&#8226; <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2023-3087\">https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2023-3087<\/a><br>&#8226; <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2023-3088\">https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2023-3088<\/a><br>&#8226; <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2023-3093\">https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2023-3093<\/a><br>&#8226; <a href=\"https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1525e1c9-4b94-4f9f-92c5-fc69fe000771?source=cve\">https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/1525e1c9-4b94-4f9f-92c5-fc69fe000771?source=cve<\/a><br>&#8226; <a href=\"https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ef20b3e6-d8f4-458e-b604-b46ef16e229e?source=cve\">https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/ef20b3e6-d8f4-458e-b604-b46ef16e229e?source=cve<\/a><br>&#8226; <a href=\"https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6ecd0fa6-4fdb-4780-9560-0bb126800685?source=cve\">https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/6ecd0fa6-4fdb-4780-9560-0bb126800685?source=cve<\/a><br>&#8226; <a 
href=\"https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fa47a794-e5ce-491d-a10b-c7c5718aa853?source=cve\">https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/fa47a794-e5ce-491d-a10b-c7c5718aa853?source=cve<\/a><br>&#8226; <a href=\"https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/86ee1acb-6f0c-40e6-80a0-fc93b61c1602?source=cve\">https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/86ee1acb-6f0c-40e6-80a0-fc93b61c1602?source=cve<\/a><br>&#8226; <a href=\"https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/68e6ec3a-c5fd-4f63-a9a0-2c9ddfb96e2e?source=cve\">https:\/\/www.wordfence.com\/threat-intel\/vulnerabilities\/id\/68e6ec3a-c5fd-4f63-a9a0-2c9ddfb96e2e?source=cve<\/a><br><br><strong>Report Cyber Incidents<\/strong><br>Report cyber security incidents on the Mauritian Cybercrime Online Reporting System (MAUCORS &#8211; http:\/\/maucors.govmu.org\/)<br><br><strong>Contact Information<\/strong><br><strong>Computer Emergency Response Team of Mauritius (CERT-MU)<br>Ministry of Information Technology, Communication and Innovation<\/strong><br>Tel: (+230) 4602600<br>Hotline No: (+230) 800 2378<br>Gen. Info.: contact@cert.govmu.org<br>Incident: incident@cert.govmu.org<br>Website: http:\/\/cert-mu.govmu.org<br>MAUCORS: http:\/\/maucors.govmu.org<\/p>\n","protected":false},"excerpt":{"rendered":"<p>CERT-MU Vulnerability Note VN-2023-07 Date of Issue: 17.07.2023 Severity Rating: High Affected Plugins: &#8226; WP Mail Logging Team WP Mail Logging plugin &#8226; Post SMTP POST SMTP Mailer plugin &#8226; FluentSMTP &amp; WPManageNinja Team FluentSMTP plugin &#8226; YayCommerce YaySMTP plugin &#8226; WPVibes WP Mail Log plugin &#8226; James Ward WP Mail Catcher plugin Description These WordPress plugins are vulnerable to cross-site scripting, caused by improper validation of user-supplied input. 
A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim&#8217;s Web browser within the security context of the hosting Web site, once the page\u2026<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[],"class_list":["post-1262","post","type-post","status-publish","format-standard","hentry","category-vulnerability-notes"],"blocksy_meta":"","_links":{"self":[{"href":"https:\/\/cert-mu.govmu.org\/cert-mu\/index.php?rest_route=\/wp\/v2\/posts\/1262","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cert-mu.govmu.org\/cert-mu\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cert-mu.govmu.org\/cert-mu\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cert-mu.govmu.org\/cert-mu\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/cert-mu.govmu.org\/cert-mu\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1262"}],"version-history":[{"count":2,"href":"https:\/\/cert-mu.govmu.org\/cert-mu\/index.php?rest_route=\/wp\/v2\/posts\/1262\/revisions"}],"predecessor-version":[{"id":1264,"href":"https:\/\/cert-mu.govmu.org\/cert-mu\/index.php?rest_route=\/wp\/v2\/posts\/1262\/revisions\/1264"}],"wp:attachment":[{"href":"https:\/\/cert-mu.govmu.org\/cert-mu\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1262"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cert-mu.govmu.org\/cert-mu\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1262"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cert-mu.govmu.org\/cert-mu\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1262"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}