CVE-2014-125095

Name of the Vulnerable Software and Affected Versions BestWebSoft Contact Form Plugin version 1.3.4

Description A vulnerability was found in the BestWebSoft Contact Form Plugin and classified as problematic. The issue affects the function bws add menu render of the file bws menu/bws menu.php. The manipulation of the argument bwsmn form email leads to cross-site scripting. The attack may be launched remotely. Upgrading to version 1.3.7 is able to address this issue.

Recommendations For BestWebSoft Contact Form Plugin version 1.3.4, upgrade to version 1.3.7 to address the issue. As a temporary workaround, consider restricting the use of the bws add menu render function until a patch is applied. Avoid using the argument bwsmn form email in the affected function until the issue is resolved.