Vulnerability Details CVE-2022-40191
Authenticated (subscriber+) Stored Cross-Site Scripting (XSS) vulnerability in Ali Khallad's Contact Form By Mega Forms plugin <= 1.2.4 at WordPress.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 49.2%
CVSS Severity
CVSS v3 Score 5.4
References
- https://patchstack.com/database/vulnerability/mega-forms/wordpress-contact-form-by-mega-forms-plugin-1-2-4-authenticated-stored-cross-site-scripting-xss-vulnerability/_s_id=cve
- https://wordpress.org/plugins/mega-forms/#developers
- https://patchstack.com/database/vulnerability/mega-forms/wordpress-contact-form-by-mega-forms-plugin-1-2-4-authenticated-stored-cross-site-scripting-xss-vulnerability/_s_id=cve
- https://wordpress.org/plugins/mega-forms/#developers
Products affected by CVE-2022-40191
-
cpe:2.3:a:contact_form_by_mega_forms_project:contact_form_by_mega_forms:*