CVE-2018-20963 – Contact Form Email <= 1.2.65 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2018-20963
The contact-form-to-email plugin before 1.2.66 for WordPress has XSS. • https://wordpress.org/plugins/contact-form-to-email/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-9646 – Contact Form Email <= 1.2.65 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2019-9646
The Contact Form Email plugin before 1.2.66 for WordPress allows wp-admin/admin.php item XSS, related to cp_admin_int_edition.inc.php in the "custom edition area." WordPress Contact Form Email plugin version 1.2.65 suffers from cross-site request forgery and cross-site scripting vulnerabilities. • https://lists.openwall.net/full-disclosure/2019/02/05/7 • https://security-consulting.icu/blog/2019/02/wordpress-contact-form-email-xss-csrf • https://wordpress.org/plugins/contact-form-to-email/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')