ThreatPress

WordPress Vulnerabilities Database

WordPress Pondol Form to Mail Plugin <= 1.1 - Cross Site Scripting (XSS)

Product
Pondol Form to Mail
Description
The variable itemid appears to be sent back to the user's browser unsanitized. The vulnerable file is pondol-formmail/pages/admin-mail-info.php.
Solution
Update the plugin.
Classification
Type XSS (Cross Site Scripting)
OWASP Top 10 A3: Cross Site Scripting (XSS)
References
Openwall
Vapid
CVE
Name CVE-2016-1000146
Versions
Affected In <= 1.1
Fixed In 1.2
Disclosure date
2016-04-13
Submitter
ThreatPress