Multiple Cross-Site Scripting (XSS) Vulnerabilities in EnvialoSimple WordPress Plugin

Multiple Cross-Site Scripting (XSS) Vulnerabilities in EnvialoSimple WordPress Plugin

CVE-2014-4527 · MEDIUM Severity

AV:N/AC:M/AU:N/C:N/I:P/A:N

Multiple cross-site scripting (XSS) vulnerabilities in paginas/vista-previa-form.php in the EnvialoSimple: Email Marketing and Newsletters (envialosimple-email-marketing-y-newsletters-gratis) plugin before 1.98 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) FormID or (2) AdministratorID parameter.

Learn more about our Wordpress Pen Testing.