CVE-2021-38329

The DJ EmailPublish WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $SERVER"PHPSELF" value in the /dj-email-publish.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.7.2...

WordPress DJ EmailPublish plugin <= 1.7.2 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by p7e4 in WordPress DJ EmailPublish plugin versions = 1.7.2. Solution This plugin has been closed as of September 7, 2021 and is not available for download. This closure is temporary, pending a full review...