WordPress Plugin Vulnerabilities

CP Contact Form with Paypal <= 1.3.01 - Multiple XSS

Description

The CP Contact Form with PayPal WordPress plugin was affected by a Multiple XSS security vulnerability.

Proof of Concept

Affects Plugins

Plugin icon
cp-contact-form-with-paypal
Fixed in 1.3.02

References

CVE
CVE-2019-14784
CVE
CVE-2019-14785
URL
https://plugins.trac.wordpress.org/changeset?reponame=&new=2110906%40cp-contact-form-with-paypal&old=2102944%40cp-contact-form-with-paypal

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.1 (medium)

Miscellaneous

Verified
No
WPVDB ID
f66a055e-1de7-442d-b625-cc6e8b14a498

Timeline

Publicly Published
2019-06-23 (about 6 years ago)
Added
2019-06-23 (about 6 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2023-01-27
Title
Welcart e-Commerce < 2.8.11 - Reflected XSS
Published
2023-08-07
Title
WP Categories Widget < 2.3 - Reflected XSS
Published
2023-01-17
Title
WP-CommentNavi < 1.12.2 - Admin+ Stored XSS
Published
2023-07-24
Title
Custom Field For WP Job Manager < 1.2 - Admin+ Stored XSS
Published
2025-01-06
Title
PayGreen Payment Gateway < 1.0.27 - Reflected Cross-Site Scripting