Vulnerabilities and security researches foremail-address-encoder email-address-encoder

Jun 07, 2024

CVE, Research URL: CVE-2023-48765
Home page URL: Security reports for Email Address Encoder
Application: Email Address Encoder
Date: Dec 15, 2023
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Till Krüss Email Address Encoder allows Stored XSS.This issue affects Email Address Encoder: from n/a through 1.0.22.
Affected versions: max 1.0.23.
Status: vulnerable

CVE, Research URL: 5a1480bc02cf3955b174dd72b4b68afadd952c10
Home page URL: Security reports for Email Address Encoder
Application: Email Address Encoder
Date: Nov 28, 2023
Research Description: Email Address Encoder [email-address-encoder] < 1.0.23 Email Address Encoder 1.0.22 - Authenticated (Contributor+) Stored Cross-Site Scripting The Email Address Encoder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's eae_shortcode shortcode in version 1.0.22 due to insufficient input sanitization and output escaping on the 'link' user supplied attribute. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: max 1.0.23.
Status: vulnerable

Aug 28, 2024

CVE, Research URL: CVE-2024-43927
Home page URL: Security reports for Email Address Encoder
Application: Email Address Encoder
Date: Jan 02, 2025
Research Description: Cross-Site Request Forgery (CSRF) vulnerability in Till Krüss Email Address Encoder allows Cross Site Request Forgery.This issue affects Email Address Encoder: from n/a through 1.0.23.
Affected versions: max 1.0.24.
Status: vulnerable

Jun 09, 2026

CVE, Research URL: CVE-2026-5305
Home page URL: Security reports for Email Address Encoder
Application: Email Address Encoder
Date: -
Research Description: Email Address Encoder [email-address-encoder] < 1.0.25 CVE-2026-5305
Affected versions: max 1.0.25.
Status: vulnerable