Multiple cross-site scripting (XSS) vulnerabilities in includes/toAdmin.php in Contact Form 7 Integrations plugin 1.0 through 1.3.10 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) uE or (2) uC parameter.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| contactus | contact_form_7_integrations | 1.3.8 |
| contactus | contact_form_7_integrations | 1.3.3 |
| contactus | contact_form_7_integrations | 1.3.7 |
| contactus | contact_form_7_integrations | 1.3.6 |
| contactus | contact_form_7_integrations | 1.3.4 |
| contactus | contact_form_7_integrations | 1.3.9 |
| contactus | contact_form_7_integrations | 1.3.2 |
| contactus | contact_form_7_integrations | 1.3.5 |
| contactus | contact_form_7_integrations | 1.3 |
| contactus | contact_form_7_integrations | 1.3.1 |
| contactus | contact_form_7_integrations | 1.3.10 |