Cross-Site Scripting in Contact Form Email Plugin for WordPress by WordPress
CVE-2019-9646
6.1MEDIUM
What is CVE-2019-9646?
The Contact Form Email plugin for WordPress prior to version 1.2.66 is susceptible to cross-site scripting (XSS) attacks, particularly through wp-admin/admin.php. This vulnerability can be exploited via the 'custom edition area' in the cp_admin_int_edition.inc.php file, enabling unauthorized users to inject malicious scripts. It highlights the importance of timely updates and security measures to protect against potential attacks.