Vulnerabilities

CVE-2014-4527

by Fred · 02/07/2014

Multiple cross-site scripting (XSS) vulnerabilities in paginas/vista-previa-form.php in the EnvialoSimple: Email Marketing and Newsletters (envialosimple-email-marketing-y-newsletters-gratis) plugin before 1.98 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) FormID or (2) AdministratorID parameter.

Date published : 2014-07-02

https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=843064%40envialosimple-email-marketing-y-newsletters-gratis&old=839677%40envialosimple-email-marketing-y-newsletters-gratis&sfp_email=&sfph_mail=

http://codevigilant.com/disclosure/wp-plugin-envialosimple-email-marketing-y-newsletters-gratis-a3-cross-site-scripting-xss

Similar

Tags: Cybersecurity Alert