CVE-2021-24276

Contact Form by Supsystic < 1.7.15 - Reflected Cross-Site scripting (XSS)

EPSS 16.1%CWE-79

The Contact Form by Supsystic WordPress plugin before 1.7.15 did not sanitise the tab parameter of its options page before outputting it in an attribute, leading to a reflected Cross-Site Scripting issue

Affected products

Supsystic · Contact Form by Supsystic

public PoCs found — 2

cve_referencepacketstormsecurity.com/files/164308/WordPress-Contact-Form-1.7.14-Cross-Site-Scripting.htmlunverified exploitdbwww.exploit-db.com/exploits/50344unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://packetstormsecurity.com/files/164308/WordPress-Contact-Form-1.7.14-Cross-Site-Scripting.html https://wpscan.com/vulnerability/1301123c-5e63-432a-ab90-3221ca532d9c