alo-easymail_project vulnerabilities and exploits

4.3
CVSSv2
CVE-2015-9409

The alo-easymail plugin before 2.6.01 for WordPress has CSRF with resultant XSS in pages/alo-easymail-admin-options.php....