The Mailtree Log Mail plugin for WordPress, up to and including version 1.0.0, is vulnerable to unauthenticated attackers injecting malicious web scripts into pages. This is possible because the plugin does not properly sanitize and escape input from the email subject field. These malicious scripts will run each time someone views the page with the injected code.
This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!
Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:
> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21
Is this information incorrect? Please leave us a message.
