CVE-2017-18522

The eelv-newsletter plugin before 4.6.1 for WordPress has XSS in the address book.