WordPress Contact Forms by Cimatti, 2d669501ada3e5144b1df53e139e197bdea2364f

CVE, Research URL: 2d669501ada3e5144b1df53e139e197bdea2364f
Home page URL: Security reports for WordPress Contact Forms by Cimatti
Application: WordPress Contact Forms by Cimatti
Published on: Mar 27, 2023
Research Description: Contact Forms by Cimatti [contact-forms] < 1.5.5 WordPress Contact Forms by Cimatti <= 1.5.4 - Unauthenticated Stored Cross-Site Scripting The WordPress Contact Forms by Cimatti plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form parameters in versions up to, and including, 1.5.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: max 1.5.5.
Status: vulnerable