CVE-2014-4527
02.07.2014, 18:55
Multiple cross-site scripting (XSS) vulnerabilities in paginas/vista-previa-form.php in the EnvialoSimple: Email Marketing and Newsletters (envialosimple-email-marketing-y-newsletters-gratis) plugin before 1.98 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) FormID or (2) AdministratorID parameter.
| Vendor | Product | Version |
|---|---|---|
| envialosimple | email_marketing_y_newsletters | 𝑥 ≤ 1.97 |
𝑥
= Vulnerable software versions
References