MEDIUM
Wp Mail Project
CVE published 2017-02-10
CVE-2017-5942
CVE-2017-5942 is a reflected cross-site scripting issue in the WP Mail plugin for WordPress affecting versions before 1.2. The vulnerable replyto parameter can be used while composing mail to inject script that executes in the browser context of the user receiving the mail. NVD classifies the weakness as CWE-79 and rates the issue as medium severity with network access and user interaction required.