cleantalk
Vulnerabilities and Security Researches

Email Address Encoder, 5a1480bc02cf3955b174dd72b4b68afadd952c10

CVE, Research URL

5a1480bc02cf3955b174dd72b4b68afadd952c10

Home page URL

Security reports for Email Address Encoder

Application

Email Address Encoder

Published on
Nov 28, 2023
Research Description
Email Address Encoder [email-address-encoder] < 1.0.23 Email Address Encoder 1.0.22 - Authenticated (Contributor+) Stored Cross-Site Scripting The Email Address Encoder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's eae_shortcode shortcode in version 1.0.22 due to insufficient input sanitization and output escaping on the 'link' user supplied attribute. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
max 1.0.23.
Status
vulnerable
Previous vulnerability researches
Email Address Encoder (CVE-2024-43927) , Aug 28, 2024
Email Address Encoder (CVE-2026-5305) , Jun 09, 2026
Email Address Encoder (CVE-2023-48765) , Jun 07, 2024
Email Address Encoder (5a1480bc02cf3955b174dd72b4b68afadd952c10) , Jun 07, 2024
New vulnerability
Drag and Drop Multiple File Upload &#8211; Contact Form 7 (CVE-2026-49055) , Jun 10, 2026
FV Flowplayer Video Player (CVE-2026-49773) , Jun 10, 2026
FV Flowplayer Video Player (CVE-2026-7556) , Jun 10, 2026
GamiPress &#8211; The #1 gamification plugin to reward points, achievements, badges &amp; ranks in WordPress (CVE-2026-48874) , Jun 10, 2026
Stop Spammers Security | Block Spam Users, Comments, Forms (CVE-2026-48876) , Jun 10, 2026