Multiple Cross-Site Scripting Vulnerabilities in WP-ContactForm by WordPress
CVE-2008-0197

Currently unrated

Key Information:

Vendor: Wordpress
Status: WP-contactform
Vendor: CVE Published:; 10 January 2008

What is CVE-2008-0197?

The WP-ContactForm plugin for WordPress contains multiple vulnerabilities that allow remote attackers to exploit Cross-Site Scripting (XSS) flaws. Attackers can inject arbitrary web scripts or HTML through maliciously crafted inputs in various parameters including email, subject, question, answer, and error messages. This exploitation can affect users by executing harmful scripts in their browsers, potentially leading to unauthorized actions, data theft, or session hijacking. It is essential for WordPress site administrators to update to a secure version to mitigate these risks.

References

http://securityvulns.ru/Sdocument546.html

x_refsource_MISC

http://lists.grok.org.uk/pipermail/full-disclosure/2008-J...

mailing-listx_refsource_FULLDISC

http://websecurity.com.ua/1600/

x_refsource_MISC

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 10, 2008
Vulnerability Reserved
Jan 9, 2008

Wordpress

What is CVE-2008-0197?

References

Timeline