CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Easy Contact Form Pro Project: Security Vulnerabilities

CVE-2021-24168

The Easy Contact Form Pro WordPress plugin before 1.1.1.9 did not properly sanitise the text fields (such as Email Subject, Email Recipient, etc) when creating or editing a form, leading to an authenticated (author+) stored cross-site scripting issue. This could allow medium privilege accounts (such as author and editor) to perform XSS attacks against high privilege ones like administrator.

CVSS Score

5.4

EPSS Score

0.002

Published

2021-04-05

Page 1

Vulnerabilities

Vulnerable Software

Easy Contact Form Pro Project: Security Vulnerabilities

Products

Pricing

Contact Us