CVE-2015-9409

Name of the Vulnerable Software and Affected Versions alo-easymail plugin versions prior to 2.6.01

Description The issue concerns a CSRF vulnerability that leads to XSS in the alo-easymail plugin for WordPress, specifically affecting the pages/alo-easymail-admin-options.php page. The pages/alo-easymail-admin-options.php page is vulnerable due to the lack of proper CSRF protection, allowing an attacker to perform actions on behalf of a user and potentially execute malicious scripts.

Recommendations For versions prior to 2.6.01, update to version 2.6.01 or later to resolve the issue. As a temporary workaround, consider restricting access to the pages/alo-easymail-admin-options.php page to minimize the risk of exploitation.