WordPress Plugin Vulnerabilities

Cforms <= 13.1 - 'lib_ajax.php' Cross-Site Scripting (XSS)

Description

The cforms plugin has a XSS vulnerability in file lib_ajax.php with rs and rsargs[] parameters. It is fixed in version 13.2. The cforms2 fork was forked at 14.6, so it is not affected.

Affects Plugins

Plugin icon
cforms
Fixed in 13.2

References

CVE
CVE-2010-3977
Exploitdb
34946
URL
https://packetstormsecurity.com/files/#95395/

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79

Miscellaneous

Submitter
Bastian Germann
Verified
No
WPVDB ID
8ce453e5-6eac-4991-bfaf-260d34e0a71b

Timeline

Publicly Published
2010-11-01 (about 15 years ago)
Added
2017-03-20 (about 9 years ago)
Last Updated
2019-11-01 (about 6 years ago)

Other

Published
Title
Published
2023-07-05
Title
Simple Light Weight Social Share <= 2.0 - Admin+ Stored XSS
Published
2026-04-07
Title
Gravity Forms < 2.9.31 - Unauthenticated Stored Cross-Site Scripting via Credit Card 'Card Type' Sub-Field
Published
2025-02-26
Title
BuddyBoss Platform < 2.8.00 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'link_title'
Published
2020-03-02
Title
Testimonial < 2.1.7 - Authenticated Stored Cross-Site Scripting (XSS)
Published
2024-04-05
Title
WP Google Review Slider < 13.6 - Admin+ Stored XSS