WordPress is a blogging platform developed by the WordPress Foundation in PHP. A WordPress plugin is an add-on application for WordPress. A cross-site scripting vulnerability exists in versions of the WordPress Contact Form Submissions plugin prior to 1.7.3. The vulnerability is caused by the plugin's failure to sanitize and escape additional fields in a contact form request before outputting them in the related submission. An attacker could use this vulnerability to perform a cross-site scripting attack against an administrator viewing a malicious submission.
CPE

Name | Operator | Version |
---|---|---|
wordpress contact form submissions plugin | lt | 1.7.3 |
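
The missing output escaping described above, shown as an added example that is not the plugin's own code: the function names, field names and sample submission are assumptions made for illustration. It uses plain PHP `htmlspecialchars()` so it runs outside WordPress; inside WordPress the corresponding helpers are `sanitize_text_field()` when saving and `esc_html()` when rendering.

```php
<?php
// Added example: hypothetical rendering of a stored contact-form submission
// in an admin view. Names are assumptions, not the plugin's code.

// Constructed sample submission. "Additional fields" are arbitrary
// key/value pairs taken from the contact form request.
$submission = [
    'your-name'    => 'Alice',
    'extra-note'   => '<script>alert(1)</script>', // constructed test value
    '<i>label</i>' => 'markup in a field name',    // names are untrusted too
    'choices'      => ['a', '<b>b</b>'],           // multi-value field
];

// Vulnerable pattern: field names and values are echoed into the page as-is,
// so any markup stored with the submission is parsed by the admin's browser.
function render_fields_unsafe(array $fields): string
{
    $html = "<table>\n";
    foreach ($fields as $name => $value) {
        $value = is_array($value) ? implode(', ', $value) : $value;
        $html .= "<tr><th>{$name}</th><td>{$value}</td></tr>\n";
    }
    return $html . "</table>\n";
}

// Escape for an HTML text context; quotes are encoded as well.
function esc(string $text): string
{
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hardened pattern: escape both names and values at output time.
function render_fields_safe(array $fields): string
{
    $html = "<table>\n";
    foreach ($fields as $name => $value) {
        // Flatten multi-value fields before escaping the final string.
        $value = is_array($value) ? implode(', ', array_map('strval', $value)) : (string) $value;
        $html .= '<tr><th>' . esc((string) $name) . '</th><td>' . esc($value) . "</td></tr>\n";
    }
    return $html . "</table>\n";
}

echo render_fields_unsafe($submission); // stored markup reaches the browser intact
echo render_fields_safe($submission);   // stored markup is displayed as inert text
```

Escaping at output time protects the admin view even for submissions that were stored before any input sanitization was in place.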