2 matches found
CVE-2020-11516
Stored XSS in the Contact Form 7 Datepicker plugin through 2.6.0 for WordPress allows authenticated attackers with minimal permissions to save arbitrary JavaScript to the plugin's settings via the unprotected wpajaxcf7dpsavesettings AJAX action and the uitheme parameter. If an administrator creat...
CVE-2020-11516
The CVE-2020-11516 entry refers to a stored XSS in the WordPress plugin “Contact Form 7 Datepicker” up to version 2.6.0. The vulnerability arises from saving settings via the unprotected wp_ajax_cf7dp_save_settings AJAX action and the ui_theme parameter, enabling an authenticated user with minima...