CVE-2014-4527

EnvialoSimple: Email Marketing and Newsletters - WordPress <1.98 - XSS

Title source: llm

Description

Multiple cross-site scripting (XSS) vulnerabilities in paginas/vista-previa-form.php in the EnvialoSimple: Email Marketing and Newsletters (envialosimple-email-marketing-y-newsletters-gratis) plugin before 1.98 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) FormID or (2) AdministratorID parameter.

References (2)

[Product] https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=843064%40envialosimple-email-marketing-y-newsletters-gratis&old=839677%40envialosimple-email-marketing-y-newsletters-gratis&sfp_email=&sfph_mail=

[Exploit] http://codevigilant.com/disclosure/wp-plugin-envialosimple-email-marketing-y-newsletters-gratis-a3-cross-site-scripting-xss

Scores

EPSS 0.0017

EPSS Percentile 38.7%

Details

CWE

CWE-79

Status published

Products (2)

envialosimple/email_marketing_y_newsletters < 1.97

n/a/n/a

Published Jul 02, 2014

Tracked Since Feb 18, 2026