Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
wpvulndbRyan DewhurstWPVDB-ID:AB7D048A-3E4F-4E89-B1B7-8D9A8C09F0D7
HistoryFeb 05, 2019 - 12:00 a.m.

Contact Form Email <= 1.2.65 - Multiple Cross-Site Scripting (XSS) & CSRF

2019-02-0500:00:00
Ryan Dewhurst
wpscan.com
8

0.001 Low

EPSS

Percentile

34.6%

JSON

The Contact Form Email WordPress plugin was affected by a Multiple Cross-Site Scripting (XSS) & CSRF security vulnerability.

PoC

http://www.example.com/wp-admin/admin.php?page=cp_contactformtoemail&amp;edit;=1&amp;cal;=1&amp;item;='">

CPENameOperatorVersion
contact-form-to-emaillt1.2.66

Related

wpexploit 1
openvas 1
patchstack 2
cvelist 3
nvd 3
prion 3
cve 3
wpexploit
wpexploit
Contact Form Email <= 1.2.65 - Multiple Cross-Site Scripting (XSS) & CSRF
2019-02-05 00:00:00
openvas
openvas
WordPress Contact Form Email Plugin < 1.2.66 XSS Vulnerability
2019-03-18 00:00:00
patchstack
patchstack
WordPress Contact Form Email plugin <= 1.2.65 - Cross-Site Request Forgery (CSRF) vulnerability
2019-03-12 00:00:00
WordPress Contact Form Email plugin <= 1.2.65 - Cross-Site Scripting (XSS) vulnerability
2019-03-12 00:00:00
cvelist
cvelist
CVE-2019-9646
2022-10-03 16:19:40
CVE-2018-20964
2019-08-13 16:46:13
CVE-2018-20963
2019-08-13 16:46:45
nvd
nvd
CVE-2019-9646
2019-03-10 22:29:00
CVE-2018-20963
2019-08-13 17:15:13
CVE-2018-20964
2019-08-13 17:15:13
prion
prion
Cross site request forgery (csrf)
2019-08-13 17:15:00
Cross site scripting
2019-03-10 22:29:00
Cross site scripting
2019-08-13 17:15:00
cve
cve
CVE-2018-20963
2019-08-13 17:15:13
CVE-2019-9646
2022-10-03 16:19:40
CVE-2018-20964
2019-08-13 17:15:13

0.001 Low

EPSS

Percentile

34.6%

JSON
Related for WPVDB-ID:AB7D048A-3E4F-4E89-B1B7-8D9A8C09F0D7
wpexploit1openvas1patchstack2cvelist3nvd3prion3cve3