CVE-2012-2579

Name of the Vulnerable Software and Affected Versions WP SimpleMail plugin version 1.0.6

Description The issue allows remote attackers to inject arbitrary web script or HTML via the To, From, Date, or Subject field of an email, potentially leading to cross-site scripting (XSS) attacks.

Recommendations For WP SimpleMail plugin version 1.0.6, consider updating to a newer version that addresses this issue, as using outdated versions may expose users to XSS attacks. If no update is available, restrict access to email composition fields to minimize the risk of exploitation. Avoid using the To, From, Date, or Subject fields in emails until the issue is resolved.