WordPress Contact Form Builder by vcita Plugin <= 4.10.2 is vulnerable to Cross Site Scripting (XSS)

🗓️ 05 Jun 2023 00:00:00Reported by Jonas HöbenreichType

patchstack

patchstack🔗 patchstack.com👁 8 Views

WordPress Contact Form Builder by vcita Plugin <= 4.10.2 Cross Site Scripting (XSS) vulnerabilit

Reporter	Title	Published	Views	Family All 13
ATTACKERKB	CVE-2023-2301	3 Jun 202305:15	–	attackerkb
CNNVD	WordPress plugin Contact Form Builder by vcita 跨站请求伪造漏洞	3 Jun 202300:00	–	cnnvd
CVE	CVE-2023-2301	3 Jun 202304:35	–	cve
Cvelist	CVE-2023-2301 Contact Form Builder by vcita <= 4.10.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting	3 Jun 202304:35	–	cvelist
EUVD	EUVD-2023-33807	3 Oct 202520:07	–	euvd
NVD	CVE-2023-2301	3 Jun 202305:15	–	nvd
Prion	Cross site request forgery (csrf)	3 Jun 202305:15	–	prion
Positive Technologies	PT-2023-18816 · Vcita · Contact Form Builder By Vcita	3 Jun 202300:00	–	ptsecurity
RedhatCVE	CVE-2023-2301	23 May 202503:16	–	redhatcve
Vulnrichment	CVE-2023-2301 Contact Form Builder by vcita <= 4.10.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting	3 Jun 202304:35	–	vulnrichment

Vulners

Node

vcita.com contact_form_builder_by_vcitaRange≤4.10.2

Source	Link
wordpress	www.wordpress.org/plugins/contact-form-with-a-meeting-scheduler-by-vcita/
cve	www.cve.org/CVERecord
wordfence	www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/contact-form-with-a-meeting-scheduler-by-vcita/contact-form-builder-by-vcita-491-cross-site-request-forgery-to-stored-cross-site-scripting

05 Jun 2023 00:00Current

5.7Medium risk

Vulners AI Score5.7

CVSS 3.16.1

EPSS0.00306

SSVC

wordpress contact form builder vcita cross site scripting vulnerable cve-2023-2301 low severity unauthenticated access