CVE-2016-10970 (supportflow)

The supportflow plugin before 0.7 for WordPress has XSS via a ticket excerpt.

View Full Alert