An issue was discovered in the WP Mail plugin before 1.2 for WordPress. The replyto parameter when composing a mail allows for a reflected XSS. This would allow you to execute JavaScript in the context of the user receiving the mail.Referenceshttps://cjc.im/advisories/0006/http://www.securityfocus.com/bid/96211
