Re: [FD] Contact Form Email 7.10.41 - Reflected XSS & CSRF (WordPress Plugin)

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Tue, Feb 05, 2019 at 04:25:25PM +0100, Tim Coen wrote: > https://security-consulting.icu/blog/2019/02/wordpress-contact-form-email-xss-csrf/ MITRE assigned CVE-2019-9646 for this vulnerability. - -- Henri Salo -BEGIN PGP SIGNATURE-

[FD] Contact Form Email 7.10.41 - Reflected XSS & CSRF (WordPress Plugin)

* Vulnerability: XSS & CSRF * Affected Software: [Contact Form Email](https://wordpress.org/plugins/contact-form-to-email/) * Affected Version: 1.2.65 * Patched Version: 1.2.66 * CVE: not requested * Risk: Medium * Vendor Contacted: 10/31/2018 * Vendor Fix: 10/31/2018 * Public