6.1
CVSSv3

CVE-2024-12587

CVSSv4: NA | CVSSv3: 6.1 | CVSSv2: NA | VMScore: 710 | EPSS: 0.00043 | KEV: Not Included
Published: 11/01/2025 Updated: 13/01/2025

Vulnerability Summary

Reflected XSS in Contact Form Master WordPress Plugin Pre-1.0.8

The Contact Form Master WordPress plugin up to version 1.0.7 has a Reflected Cross-Site Scripting vulnerability. It doesn't sanitize and escape a parameter before showing it on the page. This can target high privilege users like admin.

Vulnerable Product Search on Vulmon Subscribe to Product

unknown contact form master