CVE-2012-2572 Information

Description

Cross-site scripting (XSS) vulnerability in the ThreeWP Email Reflector plugin before 1.16 for WordPress allows remote attackers to inject arbitrary web script or HTML via the Subject of an email.

Reference

http://osvdb.org/show/osvdb/85134 http://wordpress.org/plugins/threewp-email-reflector/changelog http://www.exploit-db.com/exploits/20365 http://www.securityfocus.com/bid/54903 https://exchange.xforce.ibmcloud.com/vulnerabilities/77502