all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

“Never Assume Anything” – Unauthenticated Stored Cross-Site Scripting Vulnerability Exposed in 14 Email Logging Plugins

Add to bookmarks
July 18, 2023, 4:40 p.m. | Alex Thomas

Wordfence www.wordfence.com

“Never Assume Anything” – that is the 4th Guiding Principle written in the Security section of the WordPress Common APIs Handbook for developers. When it comes to WordPress plugin security, assumptions can be dangerous. This became evident when the Wordfence Threat Intelligence team discovered an Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability in 14 different email ...
Read More


The post “Never Assume Anything” – Unauthenticated Stored Cross-Site Scripting Vulnerability Exposed in 14 Email Logging Plugins appeared first on Wordfence.

apis cross-site developers email exposed handbook intelligence logging plugin plugins scripting security team threat threat intelligence vulnerabilities vulnerability wordfence wordfence intelligence wordpress wordpress plugin wordpress plugin security wordpress security written

Visit resource

More from www.wordfence.com / Wordfence

$563 Bounty Awarded for Reflected Cross-Site Scripting Vulnerability Patched in Yoast SEO WordPress Plugin 9 hours ago | www.wordfence.com
april bounty bug bug bounty +17
Wordfence Intelligence Weekly WordPress Vulnerability Report (April 22, 2024 to April 28, 2024) 4 days, 9 hours ago | www.wordfence.com
april bounty bug bug bounty +16
$197 Bounty Awarded for Unauthenticated Arbitrary Post Deletion Vulnerability Patched in LeadConnector WordPress Plugin 1 week ago | www.wordfence.com
bounty bug bug bounty deletion +16
Wordfence Intelligence Weekly WordPress Vulnerability Report (April 15, 2024 to April 21, 2024) 1 week, 4 days ago | www.wordfence.com
april bounty bug bug bounty +17
$493 Bounty Awarded for Arbitrary Options Update Vulnerability Patched in WP Datepicker WordPress Plugin 1 week, 6 days ago | www.wordfence.com
april bounty bug bug bounty +16
$2,063 Bounty Awarded for Privilege Escalation Vulnerability Patched in User Registration WordPress Plugin 2 weeks, 3 days ago | www.wordfence.com
bounty bug bug bounty disclosure +18
Wordfence Intelligence Weekly WordPress Vulnerability Report (April 8, 2024 to April 14, 2024) 2 weeks, 4 days ago | www.wordfence.com
april bounty bug bug bounty +17
$400 Bounty Awarded for SQL Injection Vulnerability Patched in WP Activity Log Premium WordPress Plugin 2 weeks, 5 days ago | www.wordfence.com
activity log bounty bug bug bounty +21
$1,250 Bounty Awarded for Unauthenticated SQL Injection Vulnerability Patched in Email Subscribers by Icegram Express … 3 weeks ago | www.wordfence.com
bounty bug bug bounty can +19

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

IT Security Engineer

@ Timocom GmbH | Erkrath, Germany
View on infosec-jobs.com

Consultant SOC / CERT H/F

@ Hifield | Sèvres, France
View on infosec-jobs.com

Privacy Engineer, Implementation Review

@ Meta | Menlo Park, CA | Seattle, WA
View on infosec-jobs.com

Cybersecurity Specialist (Security Engineering)

@ Triton AI Pte Ltd | Singapore, Singapore, Singapore
View on infosec-jobs.com

SOC Analyst

@ Rubrik | Palo Alto
View on infosec-jobs.com

Consultant Tech Advisory H/F

@ Hifield | Sèvres, France
View on infosec-jobs.com
View more jobs