CSRF & XSS vulnerabilities in Encrypted Contact Form WordPress Plugin v1.0.4

Posted by Nitin Venkatesh on May 15

# Title: Cross-site Request Forgery & Cross-site Scripting in Encrypted Contact Form WordPress Plugin v1.0.4
# Submitter: Nitin Venkatesh
# Product: Encrypted Contact Form WordPress Plugin
# Product URL: https://wordpress.org/plugins/encrypted-contact-form/
# Vulnerability Type: Cross-site Request Forgery [CWE-352], Cross-site Scripting [CWE-79]
# Affected Versions: v1.0.4 and possibly below.
# Tested versions: v1.0.4
# Fixed Version: v1.1
#…