3 matches found
CVE-2024-2200
The Contact Form by BestWebSoft plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘cntctfrmcontactsubject’ parameter in all versions up to, and including, 4.2.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...
CVE-2024-2200 Contact Form by BestWebSoft <= 4.2.8 - Reflected Cross-Site Scripting via cntctfrm_contact_subject
The Contact Form by BestWebSoft plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘cntctfrmcontactsubject’ parameter in all versions up to, and including, 4.2.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...
CVE-2024-2200
The CVE CVE-2024-2200 concerns WordPress plugin Contact Form by BestWebSoft. Affected versions: all up to and including 4.2.8. Root cause: insufficient input sanitization and output escaping leads to Reflected Cross-Site Scripting via the cntctfrm_contact_subject parameter. Impact: unauthenticate...