VYPR

Contact Form 7 Datepicker

by WordPress

CVEs (1)

  • CVE-2020-11516MedApr 7, 2020
    risk 0.35cvss 5.4epss 0.01

    Stored XSS in the Contact Form 7 Datepicker plugin through 2.6.0 for WordPress allows authenticated attackers with minimal permissions to save arbitrary JavaScript to the plugin's settings via the unprotected wp_ajax_cf7dp_save_settings AJAX action and the ui_theme parameter. If…