4 matches found
WordPress Contact Form Builder by vcita Plugin <= 4.10.2 is vulnerable to Cross Site Scripting (XSS)
Software Contact Form Builder by vcita Type Plugin Vulnerable versions = 4.10.2 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-2301 Patch priority Low CVSS severity Low 6.1 Developer Claim ownership PSID 8de38a056831 Credits Jonas...
CVE-2023-2301 Contact Form Builder by vcita <= 4.10.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting
The Contact Form Builder by vcita plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.10.3. This is due to missing nonce validation on the lsparsevcitacallback function. This makes it possible for unauthenticated attackers to modify the plugin's...
CVE-2023-2301 Contact Form Builder by vcita <= 4.10.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting
The Contact Form Builder by vcita plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.10.3. This is due to missing nonce validation on the lsparsevcitacallback function. This makes it possible for unauthenticated attackers to modify the plugin's...
CVE-2023-2301
CVE-2023-2301 affects the WordPress plugin Contact Form Builder by vcita (versions up to 4.9.1). The issue is a Cross-Site Request Forgery caused by missing nonce validation on the ls_parse_vcita_callback function, allowing unauthenticated attackers to modify plugin settings and inject malicious ...