An XSS vulnerability in the "Email Subscribers & Newsletters" plugin 4.1.6 for WordPress allows an malicious user to inject malicious JavaScript code through a publicly available subscription form using the esfpx_name wp-admin/admin-ajax.php POST parameter.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
icegram email subscribers \\& newsletters 4.1.6 |