WordPress Contact Form DB Plugin <= 2.8.15 - Multiple XSS

2014-09-2200:00:00

High-Tech Bridge

patchstack.com

EPSS

0.005

Percentile

75.6%

Because of these vulnerabilities, the attackers can inject arbitrary web script or HTML via the “form” or “enc” parameter.

Solution

           Update the plugin.

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7139

EPSS

0.005

Percentile

75.6%

Related for PATCHSTACK:96DBFDD4BB41FE75A97EB16B59946C00