CVE-2024-7083

· NIST NVD ↗

The Email Encoder WordPress plugin before 2.3.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

LOW
CVSS severity
3.5
CVSS base score
2026-04-20
Published

CWE codes

CWE-79

Sources