WordPress Plugin Vulnerabilities

Pondol Form to Mail <= 1.1 - Unauthenticated Reflected Cross-Site Scripting (XSS)

Description

The pondol-formmail WordPress plugin was affected by an Unauthenticated Reflected Cross-Site Scripting (XSS) security vulnerability.

Affects Plugins

Plugin icon
pondol-formmail
No known fix

References

CVE
CVE-2016-1000146
URL
http://www.vapidlabs.com/wp/wp_advisory.php?v=787
URL
https://www.openwall.com/lists/oss-security/2016/04/12/8

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.1 (medium)

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
ef68561f-387b-4f2c-af76-e59ecfd65f6f

Timeline

Publicly Published
2016-04-13 (about 10 years ago)
Added
2016-04-19 (about 10 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2024-07-10
Title
Arkhe Blocks < 2.23.0 - Contributor+ Stored XSS
Published
2025-01-30
Title
StageShow < 10.0 - Reflected Cross-Site Scripting
Published
2025-04-02
Title
Support Helpdesk Ticket System Lite <= 4.5.2 - Reflected Cross-Site Scripting
Published
2025-01-20
Title
Uix Page Builder < 1.7.5 - Reflected Cross-Site Scripting
Published
2014-08-01
Title
Shapeless - Unspecified XSS