MailPoet – Newsletters, Email Marketing, and Automation, CVE-2019-11843

CVE, Research URL: CVE-2019-11843
Home page URL: Security reports for MailPoet – Newsletters, Email Marketing, and Automation
Application: MailPoet – Newsletters, Email Marketing, and Automation
Published on: Jun 02, 2020
Research Description: The MailPoet plugin before 3.23.2 for WordPress allows remote attackers to inject arbitrary web script or HTML using extra parameters in the URL (Reflective Server-Side XSS).
Affected versions: max 3.23.2.
Status: vulnerable

MailPoet &#8211; Newsletters, Email Marketing, and Automation, CVE-2019-11843