WordPress Email on Publish plugin <= 1.5 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in dkukral Email on Publish email-on-publish allows Stored XSS.This issue affects Email on Publish: from n/a through <= 1.5.