Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Easy Contact Form Pro < 1.1.1.9 - Authenticated Stored Cross-Site Scripting (XSS)
Vulnerability Description
The Easy Contact Form Pro WordPress plugin before 1.1.1.9 did not properly sanitise the text fields (such as Email Subject, Email Recipient, etc) when creating or editing a form, leading to an authenticated (author+) stored cross-site scripting issue. This could allow medium privilege accounts (such as author and editor) to perform XSS attacks against high privilege ones like administrator.
CVSS Information
N/A
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
WordPress 跨站脚本漏洞
Vulnerability Description
WordPress Easy Contact Form Pro是WordPress开源的一个应用软件。创建Web表单,而无需编写任何代码,表单就可以立即使用。 WordPress插件Easy Contact Form Pro 1.1.1.9之前版本存在安全漏洞,该漏洞允许中等权限帐户对管理员等高权限帐户执行XSS攻击。
CVSS Information
N/A
Vulnerability Type
N/A