WordPress Email Marketing and Newsletters Plugin <= 1.97

Back

WordPress Email Marketing and Newsletters Plugin <= 1.97 - Multiple XSS

Product: Email Marketing and Newsletters
Description: Because of these vulnerabilities, the attackers can inject arbitrary web script or HTML via the "FormID" or "AdministratorID" parameters.
Solution: Update the plugin.
Classification: Type XSS (Cross Site Scripting)
OWASP Top 10 A3: Cross Site Scripting (XSS)
References: CVE Mitre
CVE: Name CVE-2014-4527
Versions: Affected In <= 1.97
Fixed In 1.98
Disclosure date: 2014-06-23
Credits: Prajal Kulkarni