CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2021-24168

The Easy Contact Form Pro WordPress plugin before 1.1.1.9 did not properly sanitise the text fields (such as Email Subject, Email Recipient, etc) when creating or editing a form, leading to an authenticated (author+) stored cross-site scripting issue. This could allow medium privilege accounts (such as author and editor) to perform XSS attacks against high privilege ones like administrator.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 41.0%

CVSS Severity

CVSS v3 Score 5.4

CVSS v2 Score 3.5

References

https://wpscan.com/vulnerability/bfaa7d79-904e-45f1-bc42-ddd90a65ce74
https://wpscan.com/vulnerability/bfaa7d79-904e-45f1-bc42-ddd90a65ce74

Products affected by CVE-2021-24168

Easy Contact Form Pro Project » Easy Contact Form Pro » Version: N/A

cpe:2.3:a:easy_contact_form_pro_project:easy_contact_form_pro:-

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-24168

Products

Pricing

Contact Us