CVE-2025-1319

Medium CVSS: 6.4

The Site Mailer – SMTP Replacement, Email API Deliverability & Email Log plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.2.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Vendor

Elementor

Product

Site Mailer

CWE

CWE-79

Yayın Tarihi

2025-02-28 13:15:27

Güncelleme

2025-03-06 15:09:58

Source Identifier

security@wordfence.com

KEV Date Added

Kategoriler

CWE-79 Site Mailer MEDIUM Elementor 2025

Referanslar

https://plugins.trac.wordpress.org/changeset/3247059/ https://wordpress.org/plugins/site-mailer/#developers https://www.wordfence.com/threat-intel/vulnerabilities/id/c9fe3574-f338-474c-af78-f843501d422c?source=cve

Benzer Kayıtlar

Medium

CVE-2025-8081

The Elementor plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 3.30.2 via…

Medium

CVE-2025-3075

The Elementor Website Builder – More Than Just a Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Sc…

Medium

CVE-2025-3076

The Elementor Website Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘button_text…

Medium

CVE-2024-54444

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Elementor Elemento…

Medium

CVE-2024-13445

The Elementor Website Builder – More Than Just a Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Sc…

Medium

CVE-2024-8494

The Elementor Website Builder Pro plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions u…