Andreas Damen WPVDB-ID:8AD824A6-2D49-4F02-8252-393C59AA9705Contact Form Email < 1.3.38 - Unauthenticated Stored Cross-Site Scripting
5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
4.9 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:P/I:P/A:N
0.0004 Low
EPSS
Percentile
12.0%
The plugin does not escape submitted values before displaying them in the HTML, leading to a Stored XSS vulnerability.
PoC
1. Publish the default form to a page by clicking on “Contact Form to Email” in the sidebar, and the “Publish” button beside the form name. 2. Visit the form on the frontend. Fill in the Email and Subject with arbitrary, valid values. Fill in the Message field with  3. Submit the form. 4. In the backend, on the “Contact Form to Email” page, click on “Messages” and click the “Edit” button corresponding to the new message. 5. See the XSS has been triggered.
| CPE | Name | Operator | Version |
|---|---|---|---|
| contact-form-to-email | lt | 1.3.38 |
Related
5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
4.9 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:P/I:P/A:N
0.0004 Low
EPSS
Percentile
12.0%