2 matches found
CVE-2022-0248 Contact Form Submissions < 1.7.3 - Unauthenticated Stored XSS
The Contact Form Submissions WordPress plugin before 1.7.3 does not sanitise and escape additional fields in contact form requests before outputting them in the related submission. As a result, unauthenticated attacker could perform Cross-Site Scripting attacks against admins viewing the maliciou...
CVE-2022-0248
The CVE-2022-0248 affects the WordPress plugin Contact Form Submissions prior to v1.7.3. The root cause is failure to sanitize/escape additional fields in contact form submissions, allowing unauthenticated attackers to trigger Cross-Site Scripting (XSS) when admins view a malicious submission. Pu...