This alert was generated using only banner information. It may be a false positive.
The PHP mail function does not properly sanitize user input. Because of this, a user may pass ASCII control characters to the mail() function that could alter the headers of email. This could result in spoofed mail headers.
Affected PHP versions (up to 4.2.2).
- Upgrade PHP to the latest version.
- WordPress Plugin JC Coupon Cross-Site Scripting (2.5)
- WordPress Plugin Google Pagespeed Insights Cross-Site Scripting (3.0.0)
- WordPress Plugin Visual Form Builder Multiple Cross-Site Scripting Vulnerabilities (2.8.6)
- WordPress 4.4.x Multiple Vulnerabilities (4.4 - 4.4.1)
- WordPress Plugin 123devis-affiliation Cross-Site Scripting (1.0.4)