WordPress Plugin Vulnerabilities

Encrypted Contact Form < 1.1 - CSRF & XSS

Description

The Encrypted Contact Form WordPress plugin was affected by a CSRF & XSS security vulnerability.

Affects Plugins

Plugin icon
encrypted-contact-form
Fixed in 1.1

References

CVE
CVE-2015-4010
Exploitdb
37264
URL
https://packetstormsecurity.com/files/#131955/
URL
https://packetstormsecurity.com/files/#132209/
URL
https://seclists.org/fulldisclosure/2015/May/63

Miscellaneous

Submitter
firefart
Submitter website
https://firefart.at/
Submitter twitter
_FireFart_
Verified
No
WPVDB ID
bacbd9a0-19e2-4781-9e65-7318a2a4d4f5

Timeline

Publicly Published
2015-05-15 (about 10 years ago)
Added
2015-05-15 (about 10 years ago)
Last Updated
2019-10-21 (about 6 years ago)

Other

Published
Title
Published
2019-06-07
Title
ConvertPlus <= 3.4.4 - Multiple Issues
Published
2019-07-08
Title
WP Custom Body Class <= 0.7.0 - CSRF to Stored XSS and Settings Update
Published
2020-03-05
Title
RegistrationMagic – Custom Registration Forms and User Login < 4.6.0.4 - Multiple Critical Issues
Published
2015-05-25
Title
NewStatPress 0.9.8 - XSS & SQL Injection
Published
2017-01-10
Title
Responsive Poll 1.6.4,1.7.4 - Cross-Site Scripting (XSS) & CSRF