cleantalk
Vulnerabilities and Security Researches

Email Encoder – Protect Email Addresses and Phone Numbers, CVE-2023-4599

CVE, Research URL

CVE-2023-4599

Home page URL

Security reports for Email Encoder – Protect Email Addresses and Phone Numbers

Application

Email Encoder – Protect Email Addresses and Phone Numbers

Published on
Aug 30, 2023
Research Description
The Slimstat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'eeb_mailto' shortcode in versions up to, and including, 2.1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
max 2.1.9.
Status
vulnerable
Previous vulnerability researches
Email Encoder – Protect Email Addresses and Phone Numbers (CVE-2024-4483) , Jul 31, 2024
Email Encoder – Protect Email Addresses and Phone Numbers (CVE-2024-1282) , Jun 06, 2024
Email Encoder – Protect Email Addresses and Phone Numbers (CVE-2021-24599) , Jun 06, 2024
Email Encoder – Protect Email Addresses and Phone Numbers (CVE-2023-4599) , Jun 06, 2024
Email Encoder – Protect Email Addresses and Phone Numbers (CVE-2023-47821) , Jun 06, 2024
New vulnerability
VI: Include Post By (CVE-2026-5717) , Apr 17, 2026
Responsive Accordion Slider (CVE-2026-0635) , Apr 17, 2026
Petje.af (CVE-2026-4002) , Apr 17, 2026
LinkedIn SC (CVE-2026-0812) , Apr 17, 2026
Coachific Shortcode (CVE-2026-4005) , Apr 17, 2026