VYPR

Email Encoder

by WordPress

Source repositories

CVEs (4)

  • CVE-2024-1282MedFeb 29, 2024
    risk 0.42cvss 6.4epss 0.00

    The Email Encoder – Protect Email Addresses and Phone Numbers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 2.2.0 due to insufficient input sanitization and output escaping on user supplied…

  • CVE-2023-7070MedJan 11, 2024
    risk 0.42cvss 6.4epss 0.00

    The Email Encoder – Protect Email Addresses and Phone Numbers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's eeb_mailto shortcode in all versions up to, and including, 2.1.9 due to insufficient input sanitization and output escaping on user…

  • CVE-2024-4483MedJul 29, 2024
    risk 0.35cvss 5.4epss 0.00

    The Email Encoder WordPress plugin before 2.2.2 does not escape the WP_Email_Encoder_Bundle_options[protection_text] parameter before outputting it back in an attribute in an admin page, leading to a Stored Cross-Site Scripting

  • CVE-2023-4599MedAug 30, 2023
    risk 0.35cvss 6.4epss 0.00

    The Email Encoder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'eeb_mailto' shortcode in versions up to, and including, 2.1.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for…