WordPress Plugin Vulnerabilities

Smart Forms 2.1.0 - Cross-Site Scripting (XSS)

Description

The Smart Forms – when you need more than just a contact form WordPress plugin was affected by a Cross-Site Scripting (XSS) security vulnerability.

Affects Plugins

Plugin icon
smart-forms
Fixed in 2.1.1

References

CVE
CVE-2014-8803
URL
https://security.szurek.pl/wordpress-smart-forms-210-xss.html

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79

Miscellaneous

Original Researcher
Kacper Szurek
Submitter
Kacper Szurek
Submitter website
http://security.szurek.pl/
Submitter twitter
kacperszurek
Verified
No
WPVDB ID
eb588203-e4ad-46b6-9dac-901ddc3c21be

Timeline

Publicly Published
2014-10-13 (about 11 years ago)
Added
2014-11-24 (about 11 years ago)
Last Updated
2019-10-21 (about 6 years ago)

Other

Published
Title
Published
2023-02-14
Title
WP Prayer < 1.9.7 - Admin+ Stored XSS
Published
2024-02-26
Title
Orbit Fox by ThemeIsle < 2.10.32 - Contributor+ Stored XSS via Post Type Grid Widget
Published
2019-04-17
Title
Download Manager <= 2.9.93 - Authenticated Cross-Site Scripting (XSS)
Published
2022-05-18
Title
Themify - WooCommerce Product Filter < 1.3.8 - Reflected Cross-Site Scripting
Published
2022-08-08
Title
WP Hide & Security Enhancer < 1.8 - Reflected Cross-Site Scripting