2022-07-17 10:37:14
WPScan
PUBLISHED
The Contact Form 7 Captcha WordPress plugin before 0.1.2 does not escape the $_SERVER[REQUEST_URI] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers