Vulnerabilities

CVE-2021-25080

by Fred · 24/01/2022

The Contact Form Entries WordPress plugin before 1.1.7 does not validate, sanitise and escape the IP address retrieved via headers such as CLIENT-IP and X-FORWARDED-FOR, allowing unauthenticated attackers to perform Cross-Site Scripting attacks against logged in admins viewing the created entry

Date published : 2022-01-24

https://plugins.trac.wordpress.org/changeset/2450335

https://wpscan.com/vulnerability/acd3d98a-aab8-49be-b77e-e8c6ede171ac

Similar

Tags: Cybersecurity Alert