Security issue | ww.wp.xz.cn

Resolved yappare
(@yappare)

12 years, 10 months ago

It seems the latest version is vulnerable to XSS attack.
To reproduce

1: go to http://site.com/contact-us/ (tested on http://bestwebsoft.com/contacts/contact-us/ and it works as well)
2: put xss payload in any form
3: submit it with incomplete form (e.g invalid captcha)
4: payload used xxx”<>/**/onmouseover=confirm(1)<>/**/;//

http://ww.wp.xz.cn/plugins/contact-form-plugin/

Viewing 1 replies (of 1 total)

Plugin Author bestwebsoft
(@bestwebsoft)

12 years, 9 months ago

Hi,

We fixed that in the recent version of the plugin V3.52.

Kind regards

Viewing 1 replies (of 1 total)

The topic ‘Security issue’ is closed to new replies.

Tags

xss

1 reply
2 participants
Last reply from: bestwebsoft
Last activity: 12 years, 9 months ago
Status: resolved