CVE-2015-6965

Name of the Vulnerable Software and Affected Versions Contact Form Generator plugin versions 2.0.1 and earlier

Description The issue allows remote attackers to hijack the authentication of administrators for various requests, including creating, updating, or deleting fields, forms, or templates, as well as conducting cross-site scripting (XSS) attacks. This is achieved through a crafted request to the "cfg forms" page in "wp-admin/admin.php".

Recommendations For Contact Form Generator plugin versions 2.0.1 and earlier, update to a version later than 2.0.1 to resolve the issue.