Security Advisory

CVE-2021-25080

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2022-01-24 08:01:28

Last updated 2024-08-03 19:56:09

Assigner WPScan

State PUBLISHED

Description

The Contact Form Entries WordPress plugin before 1.1.7 does not validate, sanitise and escape the IP address retrieved via headers such as CLIENT-IP and X-FORWARDED-FOR, allowing unauthenticated attackers to perform Cross-Site Scripting attacks against logged in admins viewing the created entry

← Browse all CVEs View on cve.org ↗