CVE-2019-9646
CVE-2019-9646 concerns the WordPress plugin Contact Form Email (versions before 1.2.66). The flaw is an XSS in wp-admin/admin.php via the item parameter in the "custom edition area", tracked to cp_admin_int_edition.inc.php. Impact: potential JavaScript execution in the admin context. Remediation:...