Lucene search

K

CVE-2023-2300

🗓️ 03 Jun 2023 05:09:15Reported by WordfenceType 
cve
 cve
🔗 web.nvd.nist.gov👁 27 Views

The Contact Form Builder by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'email' parameter in versions up to, and including, 4.9.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with the edit_posts capability, such as contributors and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page

Show more
Related
Detection
Affected
Refs
Nvd
Vulners
Node
[
  {
    "vendor": "eyale-vc",
    "product": "Contact Form Builder by vcita",
    "versions": [
      {
        "version": "*",
        "status": "affected",
        "lessThanOrEqual": "4.9.1",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
03 Jun 2023 05:15Current
5.2Medium risk
Vulners AI Score5.2
CVSS35.4 - 6.4
EPSS0.001
SSVC
27
.json
Report