The Email Encoder WordPress plugin before version 2.4.7 fails to properly escape email addresses obtained from user input, enabling unauthenticated attackers to inject and execute malicious scripts in the context of other users' browsers. This Stored Cross-Site Scripting (XSS) vulnerability requires user interaction to trigger, as victims must view the malicious content. The CVSS 3.1 score of 6.1 reflects [truncated]
CVE-2024-7083 is a stored cross-site scripting (XSS) vulnerability in the Email Encoder WordPress plugin, affecting versions prior to 2.3.4. The plugin fails to sanitize and escape certain settings, allowing high-privilege users such as administrators to inject malicious scripts. This vulnerability is notable because it can be exploited even when the unfiltered_html capability is disallowed, a configurati [truncated]
