CVE-2012-2583
Description
Cross-site scripting (XSS) vulnerability in Mini Mail Dashboard Widget plugin 1.42 for WordPress allows remote attackers to inject arbitrary web script or HTML via the body of an email.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Mini Mail Dashboard Widget 1.42 for WordPress is vulnerable to stored XSS via email body, allowing arbitrary script injection.
Vulnerability
Mini Mail Dashboard Widget plugin version 1.42 for WordPress suffers from a stored cross-site scripting (XSS) vulnerability in the email body field. The plugin does not sanitize the body of incoming emails before displaying them in the dashboard widget, allowing an attacker to inject arbitrary web script or HTML. Affected version: 1.42 [1].
Exploitation
An attacker can send an email containing a malicious script in the body to the mailbox monitored by the plugin. The victim must be logged into WordPress and navigate to the dashboard widget, then click 'view in HTML' to trigger the XSS. No authentication is required to send the email, but the victim must have access to the WordPress admin dashboard [1].
Impact
Successful exploitation allows arbitrary script execution in the context of the victim's WordPress admin session. This can lead to session hijacking, defacement, theft of sensitive data, or further compromise of the WordPress installation [1].
Mitigation
Upgrade to version 1.43, released on 14 July 2012, which fixes the vulnerability. No workarounds are documented [1].
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- cpe:2.3:a:mini_mail_dashboard_widget_project:mini_mail_dashboard_widget:1.42:*:*:*:*:wordpress:*:*
Patches
No patches discovered yet.
References
News mentions
No linked articles in our index yet.