WordPress Plugin Vulnerabilities

Contact Form Clean & Simple <= 4.4.0 - Cross-Site Scripting (XSS)

Description

The Contact Form Clean and Simple WordPress plugin was affected by a Cross-Site Scripting (XSS) security vulnerability.

Affects Plugins

Plugin icon
clean-and-simple-contact-form-by-meg-nicholas
Fixed in 4.4.1

References

CVE
CVE-2014-8955
URL
https://packetstormsecurity.com/files/#128957/

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79

Miscellaneous

Submitter
Ajin Abraham
Submitter website
http://opensecurity.in
Submitter twitter
ajinabraham
Verified
No
WPVDB ID
ddc268fa-17e8-4c95-af15-8c03ccc0747d

Timeline

Publicly Published
2014-11-07 (about 11 years ago)
Added
2014-11-07 (about 11 years ago)
Last Updated
2019-10-21 (about 6 years ago)

Other

Published
Title
Published
2016-12-07
Title
WooCommerce <= 2.6.8 - Authenticated Tax-Rate CSV XSS
Published
2025-04-01
Title
Extensions for Elementor <= 2.0.40 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2025-09-26
Title
User Notes < 1.0.3 - Admin+ Stored XSS
Published
2022-09-19
Title
Simple File List < 4.4.12 - Admin+ Stored Cross-Site Scripting
Published
2025-03-26
Title
MediaView < 1.1.3 - Reflected Cross-Site Scripting via id Parameter