Unrated severityNVD Advisory· Published Jul 1, 2014· Updated Jun 17, 2026
CVE-2014-4518
CVE-2014-4518
Description
Cross-site scripting (XSS) vulnerability in xd_resize.php in the Contact Form by ContactMe.com plugin 2.3 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the width parameter.
Affected products
2- Range: <=2.3
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.