CVE-2022-0248

CVE-2022-0248: Contact Form Submissions < 1.7.3 - Unauthenticated Stored XSS

Vendor Unknown
Product Contact Form Submissions
Weakness CWE-79 · XSS
Published March 14, 2022
Last update August 2, 2024

CVSS base score

What the vulnerability does

01Description

The Contact Form Submissions WordPress plugin before 1.7.3 does not sanitise and escape additional fields in contact form requests before outputting them in the related submission. As a result, unauthenticated attacker could perform Cross-Site Scripting attacks against admins viewing the malicious submission

Key dates

02Disclosure timeline

March 14, 2022 CVE published
August 2, 2024 Record updated

Related vulnerabilities

04Related CVE