Vulnerability Details CVE-2021-24247
The Contact Form Check Tester WordPress plugin through 1.0.2 settings are visible to all registered users in the dashboard and are lacking any sanitisation. As a result, any registered user, such as subscriber, can leave an XSS payload in the plugin settings, which will be triggered by any user visiting them, and could allow for privilege escalation. The vendor decided to close the plugin.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 55.9%
CVSS Severity
CVSS v3 Score 5.4
CVSS v2 Score 3.5
References
Products affected by CVE-2021-24247
-
cpe:2.3:a:mooveagency:contact_form_check_tester:*