ThreatPress

WordPress Vulnerabilities Database

WordPress Contact Form DB Plugin <= 2.8.26 - XSS

Product
Contact Form DB
Description
This vulnerability allows an attacker to inject arbitrary web script or HTML via the "submit_time" parameter in the CF7DBPluginSubmissions page to wp-admin/admin.php.
Solution
Update the plugin.
Classification
Type: XSS (Cross Site Scripting)
OWASP Top 10: A3: Cross Site Scripting (XSS)
References
CVE Mitre
CVE
Name: CVE-2015-2040
Versions
Affected In: <= 2.8.26
Fixed In: 2.8.27
Disclosure date
2015-02-20
Credits
Morten Nørtoft