WordPress Plugin Vulnerabilities

ThreeWP Email Reflector 1.13 - Subject Field XSS

Description

The threewp-email-reflector WordPress plugin was affected by a Subject Field XSS security vulnerability.

Affects Plugins

Plugin icon
threewp-email-reflector
Fixed in 1.16

References

CVE
CVE-2012-2572
Exploitdb
20365

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79

Miscellaneous

Verified
No
WPVDB ID
737fb995-641e-477c-9402-6995da680f4b

Timeline

Publicly Published
2014-08-01 (about 11 years ago)
Added
2014-08-01 (about 11 years ago)
Last Updated
2019-10-21 (about 6 years ago)

Other

Published
Title
Published
2024-04-25
Title
PopupAlly < 2.1.2 - Admin+ Stored XSS
Published
2021-08-09
Title
SpeakOut! Email Petitions < 2.13.3 - Reflected Cross-Site Scripting
Published
2024-07-11
Title
WP Event Aggregator < 1.8.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2021-09-20
Title
WordPress to Hootsuite (< 1.3.9) & Buffer (< 3.7.5) - Reflected Cross-Site Scripting
Published
2025-06-13
Title
Slider, Gallery, and Carousel by MetaSlider < 3.99.0 - Contributor+ Stored XSS via aria-label Parameter