Contact Form plugin

Name: Contact Form
Type: XSS
Exploit version: 3.36
Release Date: 21-02-2013
Status: A new version of Contact Form has been released ¹

Description:
Input passed via the "cntctfrm_contact_email" POST parameter to index.php is not properly sanitised in wp-content/plugins/contact-form-plugin/trunk/contact_form.php before being returned to the user. This can be exploited to execute arbitrary HTML and script code in the context of an affected site.

Plugin Information

  1. Downloaded: 2563951 Times
  2. Current Version: 3.84
  3. Author: Profile
  4. Tested up to: 4.0.1

Security Information

  1. Secunia ID: 52250
  2. Credit: SVN commit
  • Plugin statistics provided by WordPress.org. Updated within the last day or so.
  • ¹ Status info requires plugin authors to fill in versioning info on the wordpress.org repository.