cleantalk
Vulnerabilities and Security Researches

MailPoet – Newsletters, Email Marketing, and Automation, CVE-2024-10103

CVE, Research URL

CVE-2024-10103

Home page URL

Security reports for MailPoet – Newsletters, Email Marketing, and Automation

Application

MailPoet – Newsletters, Email Marketing, and Automation

Published on
Nov 19, 2024
Research Description
In the process of testing the MailPoet WordPress plugin before 5.3.2, a vulnerability was found that allows you to implement Stored XSS on behalf of the editor by embedding malicious script, which entails account takeover backdoor
Affected versions
Min -, max 5.3.2.
Status
vulnerable
Previous vulnerability researches
Bounce Handler MailPoet 3 (CVE-2024-9938) , Nov 17, 2024
MailPoet – Newsletters, Email Marketing, and Automation (CVE-2019-11843) , Jun 07, 2024
MailPoet – Newsletters, Email Marketing, and Automation (CVE-2024-12743) , May 13, 2025
MailPoet – Newsletters, Email Marketing, and Automation (CVE-2024-10103) , Nov 16, 2024
New vulnerability
xili-tidy-tags (CVE-2025-47680) , May 14, 2025
Newsletters (CVE-2025-3107) , May 14, 2025
belingoGeo (CVE-2025-47603) , May 14, 2025
PSW – Login and registration (CVE-2025-47646) , May 14, 2025
ELEX WordPress HelpDesk & Customer Ticketing System (CVE-2025-47658) , May 14, 2025