WordPress Plugin Vulnerabilities

Contact Form by WPForms < 1.4.8 - Authenticated Stored Cross-Site Scripting (XSS)

Description

The Contact Form by WPForms – Drag & Drop Form Builder for WordPress WordPress plugin was affected by an Authenticated Stored Cross-Site Scripting (XSS) security vulnerability.

Affects Plugins

wpforms-lite

Fixed in version 1.4.8

References

URL

https://www.ripstech.com/php-security-calendar-2018/

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

Miscellaneous

Original Researcher

RIPS Technologies

Submitter

Ryan Dewhurst

Submitter twitter

ethicalhack3r

Verified

WPVDB ID

0a50ad3d-6062-47d9-9602-bfded802200d

Timeline

Publicly Published

2018-12-02 (about 4 years ago)

Added

2018-12-06 (about 4 years ago)

Last Updated

2020-10-01 (about 2 years ago)

Our Other Services

WPScan WordPress Security Plugin