Cross site scripting

2022-03-1415:15:00

PRIOn knowledge base

www.prio-n.com

0.001 Low

EPSS

Percentile

31.6%

JSON

The Contact Form Submissions WordPress plugin before 1.7.3 does not sanitise and escape additional fields in contact form requests before outputting them in the related submission. As a result, unauthenticated attacker could perform Cross-Site Scripting attacks against admins viewing the malicious submission

CPENameOperatorVersion
contact_form_submissionslt1.7.3

CPE	Name	Operator	Version
	contact_form_submissions	lt	1.7.3

References

plugins.trac.wordpress.org/changeset/2682024

wpscan.com/vulnerability/d02cf542-2d75-46bc-a0df-67bbe501cc89

0.001 Low

EPSS

Percentile

31.6%

JSON

Related for PRION:CVE-2022-0248