ThreatPress

WordPress Vulnerabilities Database

Back

WordPress Contact Form Clean and Simple plugin <= 4.7.0 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Product
Contact Form Clean and Simple
Description
Authenticated Stored Cross-Site Scripting (XSS) vulnerability found by Jeroen Mulder in WordPress Contact Form Clean and Simple plugin (versions <= 4.7.0).
Solution
01.22.2020 - we were unable to find a patched version of this plugin.
Classification
Type XSS (Cross Site Scripting)
OWASP Top 10 A3: Cross Site Scripting (XSS)
References
Plugin changelog
CVE
Name CVE-N/A
Versions
Affected In <= 4.7.0
Disclosure date
2020-01-22
Credits
Jeroen Mulder
Submitter
ThreatPress