Contact Form Email < 1.3.38 - Unauthenticated Stored Cross-Site Scripting
CVE-2023-2718
5.4MEDIUM
What is CVE-2023-2718?
The Contact Form Email WordPress plugin before 1.3.38 does not escape submitted values before displaying them in the HTML, leading to a Stored XSS vulnerability.
Affected Version(s)
Contact Form Email 0 < 1.3.38