Get Started

WordPress: Stored XSS Vulnerability via Email Logs in WP Test Email Plugin

by the Hossted team
17.03.2025

In Test Email Plugin for WordPress versions 1.1.8 and prior a high severity vulnerability CVE-2025-2325 was detected. This vulnerability allows unauthenticated attackers to exploit stored XSS via email logs due to insufficient sanitization and escaping, injecting arbitrary scripts that execute when users access the compromised page. To address this issue, users should upgrade WP Test Email plugin to versions 1.1.9 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-2325.

Related articles
OSSpedia
OSSpedia 19 Feb 2025 WordPress: Insecure Direct Object Reference in Education Addon for Elementor Plugin Business and Enterprise Solutions CMS WOR
OSSpedia 19 Feb 2025 WordPress: Cross-Site Request Forgery Vulnerability in DeBounce Email Validator Plugin Business and Enterprise Solutions CMS WOR
OSSpedia 19 Feb 2025 WordPress: Unauthorized Access Vulnerability in Raptive Ads Plugin Business and Enterprise Solutions CMS WOR
OSSpedia 11 Mar 2025 WordPress: Stored XSS Vulnerability in Countdown Timer Plugin Business and Enterprise Solutions CMS WOR