2 matches found
CVE-2026-1045
CVE-2026-1045 : The Viet contact plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to 1.3.2. The issue arises from insufficient input sanitization and output escaping, allowing an authenticated attacker with administrator-level permissions (an...
CVE-2026-1045 Viet contact <= 1.3.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'll1', 'll2', 'll3', and 'll4' Parameters
The Viet contact plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions an...