PT-2021-15790 · WordPress · Contact Form Check Tester
0Xb9 · Published 2021-05-05 · Updated 2021-12-03 · CVE-2021-24247
CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Contact Form Check Tester WordPress plugin versions prior to 1.0.3
Description
The issue allows any registered user to store an XSS payload in the plugin settings; the payload is triggered when any user visits the settings. This could potentially allow for privilege escalation. The estimated number of potentially affected devices is not specified.
Recommendations
For Contact Form Check Tester WordPress plugin versions prior to 1.0.3, consider uninstalling the plugin as the vendor has decided to close it, and there is no available update to fix the issue. As a temporary workaround, consider restricting access to the plugin settings to minimize the risk of exploitation.
Exploit
Fix
XSS
Weakness Enumeration
Related Identifiers
Affected Products
Contact Form Check Tester