Wordpress.Contact.Form.Entries.Plugin.Stored.XSS
Description
This indicates an attack attempt to exploit a Cross-Site Scripting Vulnerability in WordPress Project Contact Form Entries Plugin.
The vulnerability is due to insufficient sanitization of HTTP headers. A remote unauthenticated attacker could exploit this vulnerability by sending a crafted HTTP request to the target server. Successful exploitation could result in the execution of arbitrary script code in the target user's browser.
Affected Products
WordPress Project Contact Form Entries Plugin Prior to 1.1.7
Impact
System Compromise: Remote attackers can execute arbitrary script code within the context of the target user's browser.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://plugins.trac.wordpress.org/browser/contact-form-entries?rev=2450335
Version Updates
Date | Version | Detail |
---|---|---|
2022-03-31 | 0.00316 |