The plugin does not properly sanitize and escape email contents, leading to a potential Stored Cross-Site Scripting vulnerability. This issue allows for arbitrary web scripts to be injected into pages, which will execute when a user accesses an affected page.
CPE | Name | Operator | Version |
---|---|---|---|
wp-mail-log | eq | * |