CVE-2024-10103

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2024-10103

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-10103.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-10103

Published

2024-11-19T06:15:17.740Z

Modified

2026-04-10T05:08:02.621743Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

In the process of testing the MailPoet WordPress plugin before 5.3.2, a vulnerability was found that allows you to implement Stored XSS on behalf of the editor by embedding malicious script, which entails account takeover backdoor

References

https://wpscan.com/vulnerability/89660883-5f34-426a-ad06-741c0c213ecc/

Affected packages

Git / github.com/mailpoet/mailpoet

Affected ranges

Type

GIT

Repo

https://github.com/mailpoet/mailpoet

Events

Introduced

Fixed

667834501ced23978f2746fc037ac97878014080

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "5.3.2"
        }
    ]
}

Affected versions

0.*

0.0.1

0.0.10

0.0.11

0.0.12

0.0.13

0.0.14

0.0.15

0.0.16

0.0.17

0.0.18

0.0.19

0.0.2

0.0.20

0.0.21

0.0.22

0.0.23

0.0.24

0.0.25

0.0.26

0.0.27

0.0.28

0.0.29

0.0.3

0.0.30

0.0.31

0.0.32

0.0.33

0.0.34

0.0.35

0.0.36

0.0.37

0.0.38

0.0.39

0.0.4

0.0.40

0.0.41

0.0.42

0.0.43

0.0.44

0.0.45

0.0.46

0.0.47

0.0.48

0.0.49

0.0.5

0.0.50

0.0.6

0.0.7

0.0.8

0.0.9

3.*

3.0.0

3.0.0-beta.1

3.0.0-beta.10

3.0.0-beta.11

3.0.0-beta.12

3.0.0-beta.13

3.0.0-beta.14

3.0.0-beta.15

3.0.0-beta.16

3.0.0-beta.17

3.0.0-beta.18

3.0.0-beta.19

3.0.0-beta.2

3.0.0-beta.20

3.0.0-beta.21

3.0.0-beta.22

3.0.0-beta.23

3.0.0-beta.23.1

3.0.0-beta.23.2

3.0.0-beta.24

3.0.0-beta.25

3.0.0-beta.26

3.0.0-beta.27

3.0.0-beta.28

3.0.0-beta.29

3.0.0-beta.3

3.0.0-beta.30

3.0.0-beta.31

3.0.0-beta.32

3.0.0-beta.33

3.0.0-beta.33.1

3.0.0-beta.34.0.0

3.0.0-beta.35.0.0

3.0.0-beta.36.0.0

3.0.0-beta.36.0.1

3.0.0-beta.36.1.0

3.0.0-beta.36.2.0

3.0.0-beta.36.3.0

3.0.0-beta.36.3.1

3.0.0-beta.37.0.0

3.0.0-beta.4

3.0.0-beta.5

3.0.0-beta.6

3.0.0-beta.7

3.0.0-beta.7.1

3.0.0-beta.8

3.0.0-beta.9

3.0.0-rc.1.0.0

3.0.0-rc.1.0.1

3.0.0-rc.1.0.2

3.0.0-rc.1.0.3

3.0.0-rc.1.0.4

3.0.0-rc.2.0.0

3.0.0-rc.2.0.1

3.0.0-rc.2.0.2

3.0.0-rc.2.0.3

3.0.1

3.0.2

3.0.3

3.0.4

3.0.5

3.0.6

3.0.7

3.0.8

3.0.9

3.1.0

3.10

3.10.1

3.11.0

3.11.1

3.11.2

3.11.3

3.12.0

3.12.1

3.14.0

3.15.0

3.16.2

3.16.3

3.17.0

3.17.1

3.17.2

3.18.1

3.18.2

3.19.0

3.19.2

3.19.3

3.2.0

3.2.1

3.2.2

3.2.3

3.2.4

3.2.5

3.21.0

3.21.1

3.23.0

3.23.1

3.23.2

3.24.0

3.3.0

3.3.1

3.3.2

3.3.3

3.3.4

3.3.5

3.3.6

3.4.0

3.4.1

3.4.2

3.4.3

3.4.4

3.5.0

3.5.1

3.6.0

3.6.1

3.6.2

3.6.3

3.6.4

3.6.5

3.6.6

3.6.7

3.7.0

3.7.1

3.7.2

3.7.3

3.7.4

3.7.5

3.7.6

3.7.7

3.7.8

3.8

3.8.1

3.8.2

3.8.3

3.8.4

3.8.5

3.8.6

3.9.0

3.9.1

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-10103.json"