Lucene search
WpvulndbWPVDB-ID:B98EFCF7-DB7C-4C18-A886-4235DE6D53A1HistoryDec 23, 2023 - 12:00 a.m.
Seos Contact Form <= 1.8.0 - Authenticated (Administrator+) Stored Cross-Site Scripting
2023-12-2300:00:00
wpscan.com
17
seos contact form
authenticated
stored cross-site scripting
wordpress
input sanitization
output escaping
administrator-level permissions
multi-site installations
unfiltered_html
Description The Seos Contact Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.8.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
Related
nvd
nvd
CVE-2023-50830
2023-12-21 18:15:07
cvelist
cvelist
prion
prion
Cross site scripting
2023-12-21 18:15:00
cve
cve
CVE-2023-50830
2023-12-21 18:15:07
wordfence
wordfence
AI Score
5.7
Confidence
High
EPSS
0
Percentile
14.0%
Related for WPVDB-ID:B98EFCF7-DB7C-4C18-A886-4235DE6D53A1