Dj Emailpublish Project - Dj Emailpublish CVE - CVE Search - CVE Details

Filtered by vendor Dj Emailpublish Project Subscribe

Filtered by product Dj Emailpublish

Total 1 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2021-38329	1 Dj Emailpublish Project	1 Dj Emailpublish	2021-09-15	4.3 MEDIUM	6.1 MEDIUM
The DJ EmailPublish WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/dj-email-publish.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.7.2.

Vulnerabilities (CVE)