VYPR
← All advisories
Unrated severityNVD Advisory· Published Sep 26, 2014· Updated May 6, 2026

CVE-2014-6445

CVE-2014-6445

Description

Multiple cross-site scripting (XSS) vulnerabilities in includes/toAdmin.php in Contact Form 7 Integrations plugin 1.0 through 1.3.10 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) uE or (2) uC parameter.

Affected products

11
  • Contactus/Contact Form 7 Integrations11 versions
    cpe:2.3:a:contactus:contact_form_7_integrations:1.3:*:*:*:*:wordpress:*:*+ 10 more
    • cpe:2.3:a:contactus:contact_form_7_integrations:1.3:*:*:*:*:wordpress:*:*
    • cpe:2.3:a:contactus:contact_form_7_integrations:1.3.1:*:*:*:*:wordpress:*:*
    • cpe:2.3:a:contactus:contact_form_7_integrations:1.3.2:*:*:*:*:wordpress:*:*
    • cpe:2.3:a:contactus:contact_form_7_integrations:1.3.3:*:*:*:*:wordpress:*:*
    • cpe:2.3:a:contactus:contact_form_7_integrations:1.3.4:*:*:*:*:wordpress:*:*
    • cpe:2.3:a:contactus:contact_form_7_integrations:1.3.5:*:*:*:*:wordpress:*:*
    • cpe:2.3:a:contactus:contact_form_7_integrations:1.3.6:*:*:*:*:wordpress:*:*
    • cpe:2.3:a:contactus:contact_form_7_integrations:1.3.7:*:*:*:*:wordpress:*:*
    • cpe:2.3:a:contactus:contact_form_7_integrations:1.3.8:*:*:*:*:wordpress:*:*
    • cpe:2.3:a:contactus:contact_form_7_integrations:1.3.9:*:*:*:*:wordpress:*:*
    • cpe:2.3:a:contactus:contact_form_7_integrations:1.3.10:*:*:*:*:wordpress:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

2

News mentions

0

No linked articles in our index yet.