PT-2019-19772 · WordPress · Contact Form Email

Tim Coen

Publicado

2019-03-10

Atualizado

2019-03-12

CVE-2019-9646

CVSS v3.1

6.1

Média

Vetor

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Contact Form Email plugin versions prior to 1.2.66

Description The issue allows for XSS in the wp-admin/admin.php item, related to the custom edition area in the cp admin int edition.inc.php file.

Recommendations For versions prior to 1.2.66, update to version 1.2.66 or later to resolve the issue. As a temporary workaround, consider restricting access to the custom edition area in the cp admin int edition.inc.php file until a patch is available.

Exploit

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

CVE-2019-9646

Produtos afetados

Contact Form Email

PT-2019-19772 · WordPress · Contact Form Email

CVE-2019-9646

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5