3 matches found
WordPress Contact Form Email Plugin < 1.3.38 is vulnerable to Cross Site Scripting (XSS)
Software Contact Form Email Type Plugin Vulnerable versions 1.3.38 Fixed in 1.3.38 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-2718 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 3c1617231fe6 Credits Andreas Damen...
CVE-2023-2718
The CVE-2023-2718 entry covers the WordPress plugin Contact Form Email, affected versions prior to 1.3.38, which fails to escape submitted values before HTML output, causing an unauthenticated Stored XSS. Root cause: input is echoed without escaping. Impact: stored XSS on pages rendering form sub...
CVE-2023-2718 Contact Form Email < 1.3.38 - Unauthenticated Stored Cross-Site Scripting
The Contact Form Email WordPress plugin before 1.3.38 does not escape submitted values before displaying them in the HTML, leading to a Stored XSS vulnerability...