3 matches found
WordPress Contact Form and Calls To Action by vcita Plugin <= 2.7.1 is vulnerable to Cross Site Scripting (XSS)
Software Contact Form and Calls To Action by vcita Type Plugin Vulnerable versions = 2.7.1 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-2303 Patch priority Low CVSS severity Low 6.1 Developer Claim ownership PSID 7cc1d9903a62 Credits...
CVE-2023-2303 Contact Form and Calls To Action by vcita <= 4.10.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting
The Contact Form and Calls To Action by vcita plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.10.5. This is due to missing nonce validation in the vcita-callback.php file. This makes it possible for unauthenticated attackers to modify the...
CVE-2023-2303
CVE-2023-2303 affects the WordPress plugin “Contact Form and Calls To Action by vcita.” The vulnerability is a Cross-Site Request Forgery caused by missing nonce validation in vcita-callback.php, allowing unauthenticated attackers to modify plugin settings and inject malicious JavaScript by convi...