WordPress Plugin Vulnerabilities

Contact Form to Email <= 1.1.47 - Authenticated Reflected Cross-Site Scripting (XSS)

Description

The Contact Form Email WordPress plugin was affected by an Authenticated Reflected Cross-Site Scripting (XSS) security vulnerability.

Affects Plugins

Plugin icon
contact-form-to-email
Fixed in 1.1.48

References

URL
https://seclists.org/fulldisclosure/2016/Jul/59
URL
https://sumofpwn.nl/advisory/2016/cross_site_scripting_in_contact_form_to_email_wordpress_plugin.html

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
b425eb94-b3e6-4241-9b7d-ca1b0c993520

Timeline

Publicly Published
2016-07-24 (about 9 years ago)
Added
2016-07-25 (about 9 years ago)
Last Updated
2019-11-01 (about 6 years ago)

Other

Published
Title
Published
2017-04-05
Title
Download WordPress Firewall 2 - Authenticated Stored XSS/CSRF
Published
2023-10-12
Title
Amministrazione Trasparente < 8.0.5 - Admin+ Stored XSS
Published
2020-04-15
Title
Widget Settings Importer/Exporter <= 1.5.3 - Authenticated Stored XSS
Published
2024-11-29
Title
Serious Slider < 1.2.7 - Contributor+ Stored XSS via Shortcode
Published
2025-11-10
Title
Simple Donate <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting