The Contact Form Master WordPress plugin through 1.0.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
History

Sat, 11 Jan 2025 06:15:00 +0000

Type Values Removed Values Added
Description The Contact Form Master WordPress plugin through 1.0.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
Title Contact Form Master <= 1.0.7 - Reflected XSS
References

cve-icon MITRE

Status: PUBLISHED

Assigner: WPScan

Published: 2025-01-11T06:00:02.900Z

Updated: 2025-01-11T06:00:02.900Z

Reserved: 2024-12-12T18:37:19.906Z

Link: CVE-2024-12587

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2025-01-11T06:15:25.070

Modified: 2025-01-11T06:15:25.070

Link: CVE-2024-12587

cve-icon Redhat

No data.