This vulnerability has been discovered and reported by Carl Clegg (carl(at)cjc(dot)im)
WP Mail plugin is simply a wp network mail or message system. User can send mail or messages to other users over one wp network.
WP Mail <= 1.2
replyto parameter when composing a mail allows for a reflected XSS.
$replyTo = isset($_GET['replyto']) ? $_GET['replyto'] : ''; ... <input type="text" class="form-control" placeholder="Enter receiver's wordpress email" name="reciever_mail" required="required" value="<?php echo !empty($replyTo) ? $replyTo : $to; ?>">
alert(1) but could be used to run something more malicious
Upgrade to version 1.2
The information contained within this advisory is supplied "as-is" with no warranties or guarantees of fitness of use or otherwise.