Description
The Easy Contact Form Pro WordPress plugin before 1.1.1.9 did not properly sanitise the text fields (such as Email Subject, Email Recipient, etc) when creating or editing a form, leading to an authenticated (author+) stored cross-site scripting issue. This could allow medium privilege accounts (such as author and editor) to perform XSS attacks against high privilege ones like administrator.
Analysis
No analysis available yet.
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | ||||||
|---|---|---|---|---|---|---|---|---|---|
| Unknown | Easy Contact Form Pro | affected |
|
Configuration 1 [-]
|
No data.
No data available yet.
Remediation
No remediation available yet.
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
 EUVD |
EUVD-2021-11082 | The Easy Contact Form Pro WordPress plugin before 1.1.1.9 did not properly sanitise the text fields (such as Email Subject, Email Recipient, etc) when creating or editing a form, leading to an authenticated (author+) stored cross-site scripting issue. This could allow medium privilege accounts (such as author and editor) to perform XSS attacks against high privilege ones like administrator. |
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: WPScan
Published:
Updated: 2024-08-03T19:21:18.620Z
Reserved: 2021-01-14T00:00:00.000Z
Link: CVE-2021-24168
Vulnrichment
No data.
NVD
Status : Modified
Published: 2021-04-05T19:15:15.670
Modified: 2024-11-21T05:52:30.630
Link: CVE-2021-24168
Redhat
No data.
OpenCVE Enrichment
No data.
Weaknesses