Lucene search
WPScanCVELIST:CVE-2021-25080HistoryJan 24, 2022 - 8:01 a.m.
CVE-2021-25080 Contact Form Entries < 1.1.7 - Unauthenticated Stored Cross-Site Scripting
2022-01-2408:01:28
CWE-79
WPScan
www.cve.org
0.001 Low
EPSS
Percentile
31.8%
The Contact Form Entries WordPress plugin before 1.1.7 does not validate, sanitise and escape the IP address retrieved via headers such as CLIENT-IP and X-FORWARDED-FOR, allowing unauthenticated attackers to perform Cross-Site Scripting attacks against logged in admins viewing the created entry
CNA Affected
[
{
"product": "Contact Form Entries – Contact Form 7, WPforms and more",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.1.7",
"status": "affected",
"version": "1.1.7",
"versionType": "custom"
}
]
}
]Related
cve
cve
CVE-2021-25080
2022-01-24 08:15:09
nvd
nvd
CVE-2021-25080
2022-01-24 08:15:09
packetstorm
packetstorm
WordPress Contact Form Entries 1.1.6 Cross Site Scripting
2022-01-05 00:00:00
WordPress CRM Form Entries Cross Site Scripting
2022-01-03 00:00:00
exploitdb
exploitdb
prion
prion
Cross site scripting
2022-01-24 08:15:00
zdt
zdt
WordPress CRM Form Entries 1.1.6 - Cross Site Scripting Vulnerability
2022-01-03 00:00:00
cnvd
cnvd
WordPress CRM Form Entries Plugin Cross-Site Scripting Vulnerability
2022-01-06 00:00:00
checkpoint_advisories
checkpoint_advisories