Vulnerabilities
Vulnerable Software
The Contact Form Submissions WordPress plugin before 1.7.3 does not sanitise and escape additional fields in contact form requests before outputting them in the related submission. As a result, an unauthenticated attacker could perform Cross-Site Scripting attacks against admins viewing the malicious submission.
CVSS Score: 6.1
EPSS Score: 0.148
Published: 2022-03-14
Unvalidated input in the Contact Form Submissions WordPress plugin before 1.7.1 could lead to SQL injection in the wpcf7_contact_form GET parameter when submitting a filter request as a high-privilege user (admin+).
CVSS Score: 7.2
EPSS Score: 0.006
Published: 2021-03-18

