CVE-2014-4600

Currently unrated

Key Information:

Vendor: Wordpress
Status: WP Ultimate Email Marketer
Vendor: CVE Published:; 2 July 2014

Summary

Multiple cross-site scripting (XSS) vulnerabilities in contact/edit.php in the WP Ultimate Email Marketer plugin 1.1.0 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) listname or (2) contact parameter.

References

http://plugins.svn.wordpress.org/wp-ultimate-email-market...

x_refsource_MISC

http://codevigilant.com/disclosure/wp-plugin-wp-ultimate-...

x_refsource_MISC

Timeline

Vulnerability published
Jul 2, 2014
Vulnerability Reserved
Jun 23, 2014