Really Simple Security logo

Log out
Get PRO

Black Friday Deals 40% OFF

Days
Hours
Minutes

USE CODE: BF2025

Latest

Input validation vulnerability in WP Mailto Links – Protect Email Addresses 3.1.3

  • Severity: medium-risk
  • Status: Open
  • Publication: September 22, 2023

The WP Mailto Links – Protect Email Addresses plugin for WordPress is vulnerable to a type of cyber attack known as Stored Cross-Site Scripting. In versions up to, and including, 3.1.3, this attack was possible because the plugin did not properly filter and check information that users input into certain parts of the plugin. This allowed attackers with certain permissions to insert malicious web scripts into pages which would then be run whenever someone accessed the page. A partial fix was released with version 3.1.3 and a full fix was released with version 3.1.4.

Detected in:

WP Mailto Links – Protect Email Addresses open vulnerable versions: >= * <= 3.1.3

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

  • Incorrect?

Is this information incorrect? Please leave us a message.