CVE-2015-9409

The alo-easymail plugin before 2.6.01 for WordPress has CSRF with resultant XSS in pages/alo-easymail-admin-options.php.
Source: NIST
CVE-2015-9409