CVE-2017-17451

Name of the Vulnerable Software and Affected Versions WP Mailster plugin versions prior to 1.5.5

Description The issue concerns a cross-site scripting (XSS) problem in the unsubscribe handler. Specifically, the mes parameter in the /view/subscription/unsubscribe2.php endpoint is vulnerable. This could potentially allow attackers to inject malicious scripts.

Recommendations For WP Mailster plugin versions prior to 1.5.5, update to version 1.5.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the /view/subscription/unsubscribe2.php endpoint to minimize the risk of exploitation. Avoid using the mes parameter in the affected endpoint until the issue is resolved.