WordPress is a set of blogging platforms developed using the PHP language. A cross-site scripting vulnerability exists in versions of the WordPress plugin Redirection for Contact Form 7 prior to 2.5.0. The vulnerability stems from a failure to escape links generated prior to output in properties, which could be exploited by an attacker to steal a victim’s cookie-based authentication credentials from the victim.
CPE | Name | Operator | Version |
---|---|---|---|
WordPress Redirection for Contact Form 7 Plugin | lt | 2.5.0 |