5 matches found
CVE-2014-7139
Multiple cross-site scripting XSS vulnerabilities in the Contact Form DB aka CFDB and contact-form-7-to-database-extension plugin before 2.8.16 for WordPress allow remote attackers to inject arbitrary web script or HTML via the 1 form or 2 enc parameter in the CF7DBPluginShortCodeBuilder page to...
CVE-2014-7139
CVE-2014-7139 documents two XSS vulnerabilities in the WordPress plugin Contact Form DB (aka CFDB/contact-form-7-to-database-extension) up to version 2.8.13. The root cause is insufficient sanitization in the CF7DBPluginShortCodeBuilder page, allowing an attacker to craft GET parameters (form and...
WordPress Contact Form DB 2.8.13 Cross Site Scripting
Advisory ID: HTB23233 Product: Contact Form DB WordPress plugin Vendor: Michael Simpson Vulnerable Versions: 2.8.13 and probably prior Tested Version: 2.8.13 Advisory Publication: September 17, 2014 without technical details Vendor Notification: September 17, 2014 Vendor Patch: September 25, 2014...
WordPress Contact Form DB 2.8.13 Cross Site Scripting Vulnerability
WordPress Contact Form DB plugin version 2.8.13 suffers from a cross site scripting vulnerability. Product: Contact Form DB WordPress plugin Vendor: Michael Simpson Vulnerable Versions: 2.8.13 and probably prior Tested Version: 2.8.13 Advisory Publication: September 17, 2014 without technical...
Two XSS in Contact Form DB WordPress plugin
High-Tech Bridge Security Research Lab discovered two XSS vulnerabilities in Contact Form DB WordPress plugin, which can be exploited to perform Cross-Site Scripting XSS attacks against administrator of a WordPress website with vulnerable plugin installed. 1 Two Cross-Site Scripting XSS...