CVE-2024-43238

7.1 HIGH

📋 TL;DR

This CVE describes a reflected cross-site scripting (XSS) vulnerability in the weMail WordPress plugin. An attacker crafts a URL containing script, and when a victim opens that link the script runs in the victim's browser in the context of the WordPress site. All WordPress sites running weMail versions up to and including 1.14.5 are affected; the issue is fixed in 1.14.6.

💻 Affected Systems

Products:
  • weDevs weMail WordPress Plugin
Versions: all releases up to and including 1.14.5 (the advisory gives no lower bound)
Operating Systems: All operating systems running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Every WordPress installation with the weMail plugin active is vulnerable regardless of plugin configuration; no optional feature needs to be enabled.

📦 What is this software?

weMail, by weDevs, is an email marketing plugin for WordPress: it runs newsletter campaigns, opt-in forms and subscriber management from the WordPress dashboard.

⚠️ Risk & Real-World Impact

🔴 Worst Case

An attacker gets a logged-in administrator to open the link. WordPress sets its authentication cookies HttpOnly, so straightforward cookie theft is unlikely; the real damage is that the injected script can act as the administrator: create a new admin user, install or edit plugins, change site options, deface pages, or redirect visitors to malicious sites.

🟠 Likely Case

Attackers distribute the crafted link by phishing email or social media. When a logged-in editor or administrator clicks it, the script runs in their browser and can read page content, submit forms with the victim's privileges, or steal non-HttpOnly tokens. Visitors who are not logged in see at most a defaced page view.

🟢 If Mitigated

Escaping the reflected parameter with WordPress's esc_html() or esc_attr() before it is echoed into the page renders the payload inert. That escaping lives in the plugin, so for site owners the mitigation is to apply the 1.14.6 update.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Reflected XSS is typically delivered through phishing: the victim must click the crafted link, and for the attacker to gain anything beyond a one-off defaced page view the victim must be logged in to the target site (ideally as an administrator) when the payload fires.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.14.6 or later

Vendor Advisory: https://patchstack.com/database/vulnerability/wemail/wordpress-wemail-email-marketing-newsletter-optin-forms-subscribers-wordpress-plugin-plugin-1-14-5-cross-site-scripting-xss-vulnerability?_s_id=cve

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find weMail and click 'Update Now'.
4. Verify the version shown is 1.14.6 or higher.

🔧 Temporary Workarounds

Disable weMail Plugin

Platform: all

Temporarily disable the vulnerable plugin until patching is possible.

wp plugin deactivate wemail

Web Application Firewall (WAF)

Platform: all

Configure WAF rules to block common XSS payloads (script tags, event-handler attributes, javascript: URLs, including their URL-encoded and double-encoded forms) in requests to weMail endpoints. Treat this as a stopgap only: signature-based filtering is routinely bypassed with alternative tags and encodings, and it does not fix the missing output encoding in the plugin.

🧯 If You Can't Patch

  • Deploy a Content Security Policy (CSP) that restricts script sources. Note that a CSP only blocks reflected XSS when it forbids inline script (no 'unsafe-inline' in script-src), and the WordPress admin and many plugins rely on inline scripts, so this usually requires nonces or hashes and careful testing; a permissive policy does not stop this bug.
  • Enable a WordPress security plugin with XSS filtering or virtual patching. This is the same kind of stopgap as a WAF and should not delay the update.

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin → Plugins → Installed Plugins for weMail version. If version is 1.14.5 or lower, you are vulnerable.

Check Version:

wp plugin get wemail --field=version

Verify Fix Applied:

After updating, verify weMail version shows 1.14.6 or higher in WordPress admin panel.
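As an added example (not part of this advisory or of the weMail project), the following Python script performs the version check described above and compares versions numerically rather than as strings, so that a future 1.14.10 is not mistaken for a release older than 1.14.6. It assumes wp-cli is on PATH and that the plugin slug is `wemail`, as in the command above; passing a version string as an argument skips wp-cli entirely.

```python
"""Check whether an installed weMail version is in the vulnerable range for
CVE-2024-43238 (all releases <= 1.14.5; fixed in 1.14.6).

Added example; not part of the advisory or of weMail. Assumes wp-cli is on
PATH when run without arguments, and that the plugin slug is 'wemail'."""
import re
import subprocess
import sys

FIXED_VERSION = "1.14.6"


def parse_version(version):
    """Turn '1.14.5' (or '1.14.6-beta1', 'v1.14.6') into a tuple of ints.

    Tuples compare element by element, so (1, 14, 10) > (1, 14, 6); a plain
    string comparison would get that wrong ('1.14.10' < '1.14.6')."""
    core = re.search(r"\d+(?:\.\d+)*", version)
    if not core:
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(part) for part in core.group(0).split("."))


def is_vulnerable(version):
    """True when the version predates the 1.14.6 fix."""
    return parse_version(version) < parse_version(FIXED_VERSION)


def installed_version(path=None):
    """Ask wp-cli for the installed weMail version.

    --path points wp-cli at the WordPress root when the script is not run
    from inside it. Only called when no version is given on the command line."""
    cmd = ["wp", "plugin", "get", "wemail", "--field=version"]
    if path:
        cmd.append(f"--path={path}")
    return subprocess.check_output(cmd, text=True).strip()


def triage(version):
    """One-line verdict suitable for an inventory report."""
    if is_vulnerable(version):
        return (f"weMail {version} is VULNERABLE to CVE-2024-43238; "
                f"update to {FIXED_VERSION} or later")
    return f"weMail {version} includes the fix ({FIXED_VERSION} or later)"


if __name__ == "__main__":
    ver = sys.argv[1] if len(sys.argv) > 1 else installed_version()
    print(triage(ver))
    # Non-zero exit when vulnerable, so a fleet job can collect failing hosts.
    sys.exit(1 if is_vulnerable(ver) else 0)
```

Run it on the host as `python3 check_wemail.py`, or offline as `python3 check_wemail.py 1.14.5` to exercise the logic; the exit code is 1 when the site is vulnerable. Once it reports a vulnerable version, `wp plugin update wemail` applies the fix from the command line, and re-running the script confirms it.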

📡 Detection & Monitoring

Log Indicators:

  • GET/POST requests to weMail endpoints whose query parameters contain script tags, event-handler attributes or javascript: URLs, in literal or URL-encoded form
  • Privileged actions (new administrator users, plugin installs, option changes, content edits) performed by a session shortly after that session requested such a URL

Network Indicators:

  • HTTP requests containing <script>, javascript:, on*= handlers or their URL-encoded forms (%3Cscript%3E, javascript%3A) in query parameters of weMail URLs
  • Outbound connections from users' browsers to unfamiliar domains immediately after they loaded a weMail URL (payload fetch or data exfiltration)

SIEM Query:

source="wordpress.log" AND uri="*wemail*" AND (uri="*<script*" OR uri="*%3Cscript*" OR uri="*javascript:*" OR uri="*javascript%3A*" OR uri="*onload=*" OR uri="*onerror=*" OR uri="*onload%3D*" OR uri="*onerror%3D*")

Web servers log the query string as the browser sent it, i.e. URL-encoded, so a search for a literal <script> alone misses most real attempts; the encoded variants above (and a decode step in the SIEM where available) are what make this query useful.
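Because access logs hold URL-encoded (and sometimes double-encoded) query strings, a literal match for <script> misses most attempts. As an added example, not part of this advisory or of weMail, the following Python decodes each query parameter before matching and runs over a few constructed access-log lines. The `page=wemail&view=` request paths and the `view` parameter name are illustrative assumptions: the advisory does not name the vulnerable endpoint or parameter, so the script inspects every parameter of any URL containing `wemail`.

```python
"""Scan web-server access-log lines for reflected-XSS attempts against weMail
URLs (CVE-2024-43238). Added example; not part of the advisory or of weMail.
The log lines below are constructed, and the request paths and parameter
names in them are illustrative (the vulnerable parameter is not published)."""
import re
from urllib.parse import unquote, urlsplit, parse_qsl

# Combined log format: client - - [timestamp] "METHOD /uri HTTP/x" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<uri>\S+) [^"]*" (?P<status>\d{3})'
)

# What a payload needs to execute: a script tag, a tag that carries an event
# handler, a handler attribute, or a script-bearing URL scheme. Matched against
# the DECODED value, so <script> and %3Cscript%3E are treated the same.
XSS_PATTERNS = [
    re.compile(p, re.IGNORECASE) for p in (
        r"<\s*/?\s*script",                               # <script>, </script>
        r"<\s*(?:img|svg|iframe|body|object|embed)\b",    # handler-carrying tags
        r"\bon[a-z]+\s*=",                                # onerror=, onload= ...
        r"javascript\s*:",                                # javascript: URLs
        r"data\s*:\s*text/html",                          # data:text/html URLs
    )
]


def fully_decode(value, rounds=3):
    """URL-decode repeatedly (bounded) so a double-encoded %253Cscript%253E
    is seen as <script>; stops early once decoding changes nothing."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_params(uri):
    """Return (name, decoded_value) for query parameters that look like XSS."""
    parts = urlsplit(uri)
    hits = []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        decoded = fully_decode(value)      # parse_qsl already decoded once
        if any(p.search(decoded) for p in XSS_PATTERNS):
            hits.append((name, decoded))
    return hits


def scan(lines):
    """Return alert dicts for requests to weMail URLs carrying XSS payloads."""
    alerts = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue                       # not a combined-format line
        uri = m.group("uri")
        if "wemail" not in uri.lower():
            continue                       # scope to the vulnerable plugin
        hits = suspicious_params(uri)
        if hits:
            alerts.append({"ip": m.group("ip"), "ts": m.group("ts"),
                           "uri": uri, "status": int(m.group("status")),
                           "params": hits})
    return alerts


# Constructed sample lines, not real traffic. The first payload is URL-encoded
# exactly as a browser sends it and the server logs it, so a literal search
# for "<script>" would not find it; the second is double-encoded.
SAMPLE_LOG = """\
203.0.113.5 - - [12/Aug/2024:10:01:02 +0000] "GET /wp-admin/admin.php?page=wemail&view=%3Cscript%3Ealert(document.domain)%3C/script%3E HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.5 - - [12/Aug/2024:10:01:09 +0000] "GET /wp-admin/admin.php?page=wemail&view=%253Cimg%2520src%253Dx%2520onerror%253Dalert(1)%253E HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [12/Aug/2024:10:02:00 +0000] "GET /wp-admin/admin.php?page=wemail&view=campaigns HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
198.51.100.7 - - [12/Aug/2024:10:02:30 +0000] "GET /?s=%3Cscript%3E HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
""".splitlines()

if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG):
        print(f"{alert['ts']} {alert['ip']} {alert['uri']}")
        for name, value in alert["params"]:
            print(f"    parameter {name!r} decodes to {value!r}")
```

Of the four constructed lines, the two from 203.0.113.5 are flagged (encoded and double-encoded payloads against a weMail URL), the legitimate weMail request is not, and the search-page probe is outside scope. Point the `scan` function at real log lines (`scan(open(path))`) and feed the alerts to the SIEM; a request that was flagged should be correlated with subsequent privileged actions in the same session.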
