PT-2023-10011 · Bestwebsoft · Bestwebsoft Contact Form Plugin
Published: 2023-04-05 · Updated: 2024-05-17 · CVE-2013-10022
CVSS v2.0: 4.0 (Medium)
Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions
BestWebSoft Contact Form Plugin version 3.51
Description
A vulnerability has been found in the BestWebSoft Contact Form Plugin, affecting the function cntctfrm_display_form/cntctfrm_check_form of the file contact_form.php. This issue leads to cross-site scripting and can be launched remotely.
Recommendations
For BestWebSoft Contact Form Plugin version 3.51, upgrade to version 3.52 to address this issue. As a temporary workaround, consider disabling the cntctfrm_display_form/cntctfrm_check_form function until the patch is applied. Restrict access to the contact_form.php file to minimize the risk of exploitation.
Fix
XSS
Affected Products
Bestwebsoft Contact Form Plugin