WordPress WP Ultimate Email Marketer Plugin Cross Site Scripting and Security Bypass Vulnerabilities
The WP Ultimate Email Marketer plugin for WordPress is prone to multiple cross-site scripting vulnerabilities and multiple security-bypass vulnerabilities.
An attacker may leverage the cross-site scripting issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
The attacker may leverage the security bypass issues to gain unauthorized access to the affected application and perform certain malicious actions.
WP Ultimate Email Marketer version 1.1.0 is available; other versions may also be affected.