4 matches found
WordPress Contact Form Manager Plugin <= 1.6 is vulnerable to Cross Site Scripting (XSS)
Software Contact Form Manager Type Plugin Vulnerable versions = 1.6 Fixed in 1.6.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2295 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 163bd6f2f229 Credits ruphail Required...
CVE-2024-2295
The Contact Form Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's xyz-cfm-form shortcode in all versions up to, and including, 1.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2024-2295 Contact Form Manager <= 1.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Contact Form Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's xyz-cfm-form shortcode in all versions up to, and including, 1.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2024-2295
The CVE-2024-2295 entry concerns the WordPress plugin Contact Form Manager. Affected versions are all up to and including 1.6.1, where insufficient input sanitization and output escaping on the [xyz-cfm-form] shortcode attributes allows Stored Cross-Site Scripting (XSS). Exploitation requires aut...