CVE-2012-2572
Cross-site scripting (XSS) vulnerability in the ThreeWP Email Reflector plugin before 1.16 for WordPress allows remote attackers to inject arbitrary web script or HTML via the Subject of an email.
View on NVDSeverity
N/A
EPSS
Probability of exploitation (next 30 days): 0.0163 (1.6%)
Percentile: 82.0%
EPSS: 2026-05-06
Affects
mindreantre:threewp_email_reflectorTechnical description
Cross-site scripting (XSS) vulnerability in the ThreeWP Email Reflector plugin before 1.16 for WordPress allows remote attackers to inject arbitrary web script or HTML via the Subject of an email.
Published: 6/19/2014, 2:55:07 PM
Last modified: 5/6/2026, 10:30:45 PM
References
- http://osvdb.org/show/osvdb/85134
- http://wordpress.org/plugins/threewp-email-reflector/changelog
- http://www.exploit-db.com/exploits/20365
- http://www.securityfocus.com/bid/54903
- https://exchange.xforce.ibmcloud.com/vulnerabilities/77502
- http://osvdb.org/show/osvdb/85134
- http://wordpress.org/plugins/threewp-email-reflector/changelog
- http://www.exploit-db.com/exploits/20365