Back
WordPress Email Marketing and Newsletters Plugin <= 1.97 - Multiple XSS
- Product
- Email Marketing and Newsletters
- Description
- Because of these vulnerabilities, the attackers can inject arbitrary web script or HTML via the "FormID" or "AdministratorID" parameters.
- Solution
- Update the plugin.
- Classification
-
Type XSS (Cross Site Scripting)
OWASP Top 10 A3: Cross Site Scripting (XSS)
- References
-
CVE Mitre
- CVE
- Name CVE-2014-4527
- Versions
-
Affected In
<= 1.97
Fixed In 1.98
- Disclosure date
- 2014-06-23
- Credits
- Prajal Kulkarni