2023-06-12 17:28:21
WPScan
PUBLISHED
The Contact Form Email WordPress plugin before 1.3.38 does not escape submitted values before displaying them in the HTML, leading to a Stored XSS vulnerability.