CVE-2014-4527
Multiple cross-site scripting (XSS) vulnerabilities in paginas/vista-previa-form.php in the EnvialoSimple: Email Marketing and Newsletters (envialosimple-email-marketing-y-newsletters-gratis) plugin before 1.98 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) FormID or (2) AdministratorID parameter.
Ver en NVDSeveridad
N/A
EPSS
Probabilidad de explotación (próx. 30 días): 0.0017 (0.2%)
Percentil: 38.4%
EPSS: 2026-05-06
Afecta
envialosimple:email_marketing_y_newslettersDescripción técnica
Multiple cross-site scripting (XSS) vulnerabilities in paginas/vista-previa-form.php in the EnvialoSimple: Email Marketing and Newsletters (envialosimple-email-marketing-y-newsletters-gratis) plugin before 1.98 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) FormID or (2) AdministratorID parameter.
Publicada: 2/7/2014, 18:55:08
Última modificación: 6/5/2026, 22:30:45
Referencias
- http://codevigilant.com/disclosure/wp-plugin-envialosimple-email-marketing-y-newsletters-gratis-a3-cross-site-scripting-xss
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=843064%40envialosimple-email-marketing-y-newsletters-gratis&old=839677%40envialosimple-email-marketing-y-newsletters-gratis&sfp_email=&sfph_mail=
- http://codevigilant.com/disclosure/wp-plugin-envialosimple-email-marketing-y-newsletters-gratis-a3-cross-site-scripting-xss
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=843064%40envialosimple-email-marketing-y-newsletters-gratis&old=839677%40envialosimple-email-marketing-y-newsletters-gratis&sfp_email=&sfph_mail=