CVE-2014-4527
CVE-2014-4527
Multiple cross-site scripting (XSS) vulnerabilities in paginas/vista-previa-form.php in the EnvialoSimple: Email Marketing and Newsletters (envialosimple-email-marketing-y-newsletters-gratis) plugin before 1.98 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) FormID or (2) AdministratorID parameter.
Productos afectados
n/a · n/a¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →Referencias
http://codevigilant.com/disclosure/wp-plugin-envialosimple-email-marketing-y-newsletters-gratis-a3-cross-site-scripting-xsshttps://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=843064%40envialosimple-email-marketing-y-newsletters-gratis&old=839677%40envialosimple-email-marketing-y-newsletters-gratis&sfp_email=&sfph_mail=