WordPress Plugin Vulnerabilities

Contact Bank < 2.1.23 - Cross-Site Scripting (XSS)

Description

The Contact Bank – Contact Form Builder for WordPress WordPress plugin was affected by a Cross-Site Scripting (XSS) security vulnerability.

Affects Plugins

Plugin icon
contact-bank
Fixed in 2.1.23

References

URL
https://seclists.org/fulldisclosure/2016/Aug/2
URL
https://sumofpwn.nl/advisory/2016/cross_site_scripting_in_contact_bank_wordpress_plugin.html

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
9d5148d7-3629-4333-bbf1-09b17429a3e4

Timeline

Publicly Published
2016-08-01 (about 9 years ago)
Added
2016-08-01 (about 9 years ago)
Last Updated
2019-11-01 (about 6 years ago)

Other

Published
Title
Published
2024-09-10
Title
Event Calendar <= 1.0.4 - Admin+ Stored XSS
Published
2026-01-20
Title
UX Flat <= 5.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2022-01-18
Title
ProfileGrid < 4.7.5 - Subscriber+ Stored Cross-Site Scripting
Published
2024-10-31
Title
AwesomePress <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2022-01-25
Title
AP Custom Testimonial < 1.4.8 - Reflected Cross-Site Scripting