Multiple XSS Vulnerabilities in Contact Form to DB Plugin for WordPress
CVE-2017-18492
6.1MEDIUM
Summary
The Contact Form to DB plugin for WordPress, prior to version 1.5.7, contains multiple Cross-Site Scripting (XSS) vulnerabilities. These vulnerabilities may allow attackers to inject malicious scripts into the website, which could lead to data theft or unauthorized actions performed on behalf of users. It is crucial for website administrators to apply updates and take measures to mitigate potential risks associated with this plugin.
References
CVSS V3.1
Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved