ThreatPress

WordPress Vulnerabilities Database

WordPress Contact Form Clean and Simple Plugin <= 4.4.0 - XSS

Product
Contact Form Clean and Simple
Description
This vulnerability allows attackers to inject arbitrary web script or HTML via the "cscf[name]" parameter to contact-us/.
Solution
Update the plugin.
Classification
Type XSS (Cross Site Scripting)
OWASP Top 10 A3: Cross Site Scripting (XSS)
References
CVE Mitre
CVE
Name CVE-2014-8955
Versions
Affected In <= 4.4.0
Fixed In 4.4.1
Disclosure date
2014-11-17
Credits
Ajin Abraham