CVE-2014-3841

Name of the Vulnerable Software and Affected Versions Contact Bank plugin versions prior to 2.0.20 for WordPress

Description A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the Label field, related to form layout configuration.

Recommendations For versions prior to 2.0.20, update to version 2.0.20 or later to resolve the issue. As a temporary workaround, consider restricting access to the form layout configuration to minimize the risk of exploitation. Avoid using the Label field in the affected form until the issue is resolved.