The plugin does not properly sanitize and escape input in the email subject, leading to potential Stored Cross-Site Scripting issues. This flaw allows the injection of arbitrary web scripts that are executed whenever an injected page is accessed.
CPE | Name | Operator | Version |
---|---|---|---|
wp-reroute-email | lt | 1.5.0 |