WordPress Contact Form X plugin <= 2.4 - Reflected Cross-Site Scripting (XSS) vulnerability
CVE-2022-25601

4.7MEDIUM

Key Information:

Vendor

WordPress
Status
Contact Form X (WordPress Plugin)
Vendor
CVE Published:
25 February 2022

What is CVE-2022-25601?

Reflected Cross-Site Scripting (XSS) vulnerability affecting parameter &tab discovered in Contact Form X WordPress plugin (versions <= 2.4).

Affected Version(s)

Contact Form X (WordPress plugin) <= 2.4 <= 2.4

References

https://wordpress.org/plugins/contact-form-x/#developers
x_refsource_CONFIRM
https://patchstack.com/database/vulnerability/contact-for...
x_refsource_CONFIRM
https://lists.fedoraproject.org/archives/list/package-ann...
vendor-advisoryx_refsource_FEDORA

CVSS V3.1

Score:
4.7
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Vulnerability discovered by Ex.Mi (Patchstack).
.