Cross-Site Scripting Vulnerability in eelv-newsletter Plugin for WordPress
CVE-2017-18522
6.1MEDIUM
What is CVE-2017-18522?
The eelv-newsletter plugin for WordPress prior to version 4.6.1 contains a vulnerability that allows an attacker to exploit cross-site scripting (XSS) in the address book functionality. This flaw could lead to unauthorized script execution in the context of the user's session, potentially compromising sensitive information and enabling malicious activities within the site.