WordPress is a set of blogging platforms developed by the WordPress Foundation using the PHP language. WordPress Contact Form 7 Skins plugin in version 2.5.0 and earlier has a cross-site scripting vulnerability that stems from the tab parameter not being escaped before being output to the admin page, which can be exploited by attackers to client-side execution of JavaScript code.
CPE | Name | Operator | Version |
---|---|---|---|
WordPress Contact Form 7 Skins plugin | le | 2.5.0 |