Contact Form
[resolved] Security issue (2 posts)

  1. yappare
    Member
    Posted 11 months ago #

    It seems the latest version is vulnerable to an XSS attack.
    To reproduce:

    1: Go to http://site.com/contact-us/ (tested on http://bestwebsoft.com/contacts/contact-us/ and it works as well)
    2: Put an XSS payload in any form
    3: Submit it with an incomplete form (e.g. invalid captcha)
    4: Payload used: xxx"<>/**/onmouseover=confirm(1)<>/**/;//

    http://wordpress.org/plugins/contact-form-plugin/

  2. bestwebsoft
    Member
    Plugin Author

    Posted 10 months ago #

    Hi,

    We fixed that in the recent version of the plugin V3.52.

    Kind regards
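
The report above describes input coming back in the page after a rejected submission. The following is an added example, not part of the thread and not the plugin's code or its V3.52 fix: it assumes the submitted value is written back into a field's value attribute, and shows that rendering unescaped beside an escaped version, with a round-trip check suitable for a regression test. The field name contact_name and all function names are hypothetical.

```php
<?php
// Added illustration, not the Contact Form plugin's code. Assumption: after a
// failed submission the form is re-rendered with the visitor's input put back
// into the field's value attribute. Requires PHP's dom extension.

// "Before" (hypothetical): the submitted value is concatenated in raw.
function render_field_unsafe(string $submitted): string
{
    return '<input type="text" name="contact_name" value="' . $submitted . '" />';
}

// "After": encode for an HTML attribute. ENT_QUOTES covers both " and ', so
// the value cannot close the attribute. In WordPress, esc_attr() does this job.
function render_field_safe(string $submitted): string
{
    $escaped = htmlspecialchars($submitted, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="contact_name" value="' . $escaped . '" />';
}

// Regression check: parse the rendered field and confirm that the value
// attribute decodes back to exactly what was submitted. If the input escaped
// the attribute, the parsed value is truncated and the check fails.
function value_round_trips(string $html, string $submitted): bool
{
    $previous = libxml_use_internal_errors(true); // malformed markup is expected
    $doc = new DOMDocument();
    $doc->loadHTML('<html><body>' . $html . '</body></html>');
    libxml_clear_errors();
    libxml_use_internal_errors($previous);

    $input = $doc->getElementsByTagName('input')->item(0);
    return $input !== null && $input->getAttribute('value') === $submitted;
}

// The string quoted in the report above, used only as test input.
$reported = 'xxx"<>/**/onmouseover=confirm(1)<>/**/;//';

foreach (['unsafe' => 'render_field_unsafe', 'safe' => 'render_field_safe'] as $label => $render) {
    $html = $render($reported);
    printf("%-6s round-trips: %s\n", $label, value_round_trips($html, $reported) ? 'yes' : 'no');
    echo '       ', $html, PHP_EOL;
}
```

The same round-trip check can be run against every field a form re-populates, since the report says any of them accepted the input.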
