WordPress Plugin Vulnerabilities

Quick Contact Form < 8.0.4 - Contributor+ Stored XSS

Description

The plugin does not validate and escape some parameters, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks

Affects Plugins

Plugin icon
quick-contact-form
Fixed in 8.0.4

References

CVE
CVE-2023-23885

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.8 (medium)

Miscellaneous

Original Researcher
yuyudhn
Verified
No
WPVDB ID
c9f2ef2f-1bc7-451e-9b4a-3055ab1fc879

Timeline

Publicly Published
2023-02-06 (about 1 years ago)
Added
2023-04-10 (about 1 years ago)
Last Updated
2023-04-10 (about 1 years ago)

Other

Published
Title
Published
2024-01-10
Title
Constant Contact Forms by MailMunch < 2.1.0 - Contributor+ Stored XSS
Published
2015-08-24
Title
Easy Coming Soon <= 1.8.1 - Authenticated Stored Cross-Site Scripting (XSS)
Published
2023-02-15
Title
WordPress Social Login and Register < 7.5.15 - Multiple CSRF
Published
2014-08-01
Title
Page Layout Builder 1.3.4 - includes/layout-settings.php layout_settings_id Parameter Reflected XSS
Published
2022-01-10
Title
All-in-one Floating Contact Form < 2.0.4 - Authenticated Reflected Cross-Site Scripting (XSS)