Medium severity6.1NVD Advisory· Published Jul 28, 2019· Updated Jun 17, 2026
CVE-2019-14364
CVE-2019-14364
Description
An XSS vulnerability in the "Email Subscribers & Newsletters" plugin 4.1.6 for WordPress allows an attacker to inject malicious JavaScript code through a publicly available subscription form using the esfpx_name wp-admin/admin-ajax.php POST parameter.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- WordPress/Email Subscribers & Newslettersdescription
- Range: <=4.1.6
Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.