The Contact Form Email WordPress plugin prior to 1.3.38 does not escape submitted values before displaying them in the HTML, leading to a Stored XSS vulnerability.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
codepeople contact form email |