CVE-2014-4600

Multiple cross-site scripting XSS vulnerabilities in contact/edit.php in the WP Ultimate Email Marketer plugin 1.1.0 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the 1 listname or 2 contact parameter...