The Contact Form Email WordPress plugin before 1.3.38 does not escape submitted values before displaying them in the HTML, leading to a Stored XSS vulnerability.
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/8ad824a6-2d49-4f02-8252-393c59aa9705 | Exploit Third Party Advisory |
https://www.onvio.nl/nieuws/research-day-discovering-vulnerabilities-in-wordpress-plugins | Exploit |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: WPScan
Published: 2023-06-12T17:28:21.468Z
Updated: 2023-10-11T08:42:17.935Z
Reserved: 2023-05-15T18:27:46.852Z
Link: CVE-2023-2718
JSON object: View
NVD Information
Status : Modified
Published: 2023-06-12T18:15:10.167
Modified: 2023-11-07T04:13:13.123
Link: CVE-2023-2718
JSON object: View
Redhat Information
No data.
CWE