Status: A new version of Contact Form by BestWebSoft has been released
Input passed via the "cntctfrm_contact_email" POST parameter to index.php is not properly sanitised in wp-content/plugins/contact-form-plugin/trunk/contact_form.php before being returned to the user. This can be exploited to execute arbitrary HTML and script code in the context of an affected site.
- Secunia ID: 52250
- Credit: SVN commit
- Plugin statistics provided by WordPress.org. Updated within the last day or so.
- ¹ Status info requires plugin author's to fill in versioning info on the wordpress.org repository