WordPress WP Contact Plugin <= 1.0 - Multiple XSS

2014-06-2300:00:00

Prajal Kulkarni

patchstack.com

0.001 Low

EPSS

Percentile

49.8%

Because of these vulnerabilities in forms/messages.php, the attackers can inject arbitrary web script or HTML.

Solution

           Update the plugin.

CPENameOperatorVersion
wp contactle1.0

CPE	Name	Operator	Version
	wp contact	le	1.0

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4583

0.001 Low

EPSS

Percentile

49.8%

Related for PATCHSTACK:4C3F01005A68732AAF9ED6511E7838F8