CVE-2012-6627

Name of the Vulnerable Software and Affected Versions Newsletter Manager plugin versions 1.0.2 and earlier for WordPress

Description A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the id parameter in the admin/test mail.php file. This could potentially lead to unauthorized actions on the affected system.

Recommendations For Newsletter Manager plugin versions 1.0.2 and earlier, consider disabling access to the admin/test mail.php file until a patch is available. Avoid using the id parameter in the affected file to minimize the risk of exploitation.