WordPress Plugin Vulnerabilities

Contact Form 3.34 - contact_form.php cntctfrm_contact_message Parameter XSS

Description

The Contact Form by BestWebSoft WordPress plugin was affected by a contact_form.php cntctfrm_contact_message Parameter XSS security vulnerability.

Affects Plugins

Plugin icon
contact-form-plugin
Fixed in 3.35

References

CVE
CVE-2013-7481

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.1 (medium)

Miscellaneous

Verified
No
WPVDB ID
b0dcd285-de82-49f5-9c81-0eab8a831e65

Timeline

Publicly Published
2013-08-26 (about 12 years ago)
Added
2014-08-01 (about 11 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2021-07-21
Title
Maintenance < 4.03 - Authenticated Stored XSS
Published
2024-12-13
Title
Plezi < 1.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2018-10-26
Title
Elementor Pro < 2.0.10 - XSS
Published
2024-11-08
Title
Smooth Maps <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2024-10-15
Title
Secure Custom Fields < 6.3.6.3 - Admin+ Stored XSS