CVE-2024-4483
- EPSS 0.29%
- Veröffentlicht 29.07.2024 06:15:02
- Zuletzt bearbeitet 29.05.2025 17:34:54
The Email Encoder WordPress plugin before 2.2.2 does not escape the WP_Email_Encoder_Bundle_options[protection_text] parameter before outputting it back in an attribute in an admin page, leading to a Stored Cross-Site Scripting
CVE-2024-1282
- EPSS 0.19%
- Veröffentlicht 29.02.2024 01:43:46
- Zuletzt bearbeitet 04.03.2025 12:24:19
The Email Encoder – Protect Email Addresses and Phone Numbers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 2.2.0 due to insufficient input sanitization and outpu...
CVE-2023-7070
- EPSS 0.16%
- Veröffentlicht 11.01.2024 09:15:55
- Zuletzt bearbeitet 21.11.2024 08:45:11
The Email Encoder – Protect Email Addresses and Phone Numbers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's eeb_mailto shortcode in all versions up to, and including, 2.1.9 due to insufficient input sanitization a...
CVE-2023-47821
- EPSS 0.08%
- Veröffentlicht 22.11.2023 23:15:10
- Zuletzt bearbeitet 21.11.2024 08:30:52
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jannis Thuemmig Email Encoder plugin <= 2.1.8 versions.