Cforms & CformsII <= 15.0.1 - Unauthenticated HTML Injection & CSRF

Affects Plugins

fixed in version 15.0.2

References

CVE 2019-15238
URL https://blog.nintechnet.com/html-injection-vulnerability-in-wordpress-cformsii-plugin/

Classification

Type MULTI

Miscellaneous

Original Researcher Jerome Bruandet (nintechnet.com)
Views 3654
Verified No
WPVDB ID 9505

Timeline

Publicly Published 2019-08-12 (3 months ago)
Added 2019-08-12 (3 months ago)
Last Updated 2019-09-16 (about 2 months ago)

Our Other Services

Online WordPress Vulnerability Scanner WPScan WordPress Security Plugin