WordPress Plugin Vulnerabilities

Contact Bank <= 2.0.225 - Authenticated Cross-Site Scripting (XSS)

Description

The Contact Bank – Contact Form Builder for WordPress WordPress plugin was affected by an Authenticated Cross-Site Scripting (XSS) security vulnerability.

Affects Plugins

Plugin icon
contact-bank
Fixed in 2.0.226

References

URL
http://cinu.pl/research/wp-plugins/mail_6b2acfbd552ce090be0f3237772aa39a.html
URL
http://blog.cinu.pl/2015/11/php-static-code-analysis-vs-top-1000-wordpress-plugins.html

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
10cf0faf-1764-4f5d-af14-e88d425186ff

Timeline

Publicly Published
2015-08-13 (about 10 years ago)
Added
2015-11-24 (about 10 years ago)
Last Updated
2019-10-31 (about 6 years ago)

Other

Published
Title
Published
2025-01-16
Title
SC Simple Zazzle <= 1.1.6 - Reflected Cross-Site Scripting
Published
2017-07-07
Title
WP Statistics <= 12.0.9 - Authenticated Cross-Site Scripting (XSS)
Published
2023-12-26
Title
ZeroBounce Email Verification & Validation < 1.0.12 - Authenticated (Administrator+) Stored Cross-Site Scripting
Published
2023-03-11
Title
WH Testimonials <= 3.0.0 - Unauthenticated Stored XSS
Published
2014-01-31
Title
Media File Renamer < 2.2.2 - Stored Cross-Site Scripting (XSS)