WordPress is a set of blogging platforms developed by the Wordpress Foundation using the PHP language. WordPress plugin is an application plugin for WordPress. A cross-site scripting vulnerability exists in WordPress Contact Form X plugin version 2.4 and earlier. The vulnerability stems from a lack of data validation filtering of user-supplied data and output in the &tab parameter. An attacker could exploit this vulnerability to execute JavaScript code.
CPE | Name | Operator | Version |
---|---|---|---|
wordpress contact form x plugin | le | 2.4 |