Vulnerabilities for 'Contact form check tester'

2021-05-06
 
CVE-2021-24247

CWE-79
 

 
The settings of the Contact Form Check Tester WordPress plugin through 1.0.2 are visible to all registered users in the dashboard and lack any sanitisation. As a result, any registered user, such as a subscriber, can leave an XSS payload in the plugin settings, which will be triggered by any user visiting them and could allow privilege escalation. The vendor decided to close the plugin.

 

Vendor: Mooveagency (4 products)
Contact form check tester
Redirect 404 to parent
Select all categories and taxonomies, change checkbox to radio buttons
Import xml and rss feeds


Copyright 2024, cxsecurity.com

 
