CVE-2014-125095

Published: Apr 9, 2023Modified: Nov 21, 2024

6.1

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.8 / Impact: 2.7

Source: NVD

Description

A vulnerability was found in BestWebSoft Contact Form Plugin 1.3.4 on WordPress and classified as problematic. Affected by this issue is the function bws_add_menu_render of the file bws_menu/bws_menu.php. The manipulation of the argument bwsmn_form_email leads to cross site scripting. The attack may be launched remotely. Upgrading to version 1.3.7 is able to address this issue. The name of the patch is 4d531f74b4a801c805dc80360d4ea1312e9a278f. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-225320.

Affected (1)

Products: Bestwebsoft: Contact Form

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Bestwebsoft Contact Form	Version 1.3.4

Related CWEs

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (6)

https://github.com/wp-plugins/contact-form-plugin/commit/4d531f74b4a801c805dc80360d4ea1312e9a278f

Source: cna@vuldb.com

Patch

https://vuldb.com/?ctiid.225320

Source: cna@vuldb.com

Permissions RequiredThird Party Advisory

https://vuldb.com/?id.225320

Source: cna@vuldb.com

Third Party Advisory

https://github.com/wp-plugins/contact-form-plugin/commit/4d531f74b4a801c805dc80360d4ea1312e9a278f

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://vuldb.com/?ctiid.225320

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions RequiredThird Party Advisory

https://vuldb.com/?id.225320

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.