Skip to main content

Contact Bank

2 CVEs product

Monthly

CVE-2022-3350 MEDIUM POC This Month

The Contact Bank WordPress plugin through 3.0.30 does not sanitise and escape some of its Form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Contact Bank
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2014-3841 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the Contact Bank plugin before 2.0.20 for WordPress allows remote attackers to inject arbitrary web script or HTML via the Label field, related to form. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS WordPress Contact Bank
NVD
CVSS 2.0
4.3
EPSS
0.3%
EPSS 0% CVSS 4.8
MEDIUM POC This Month

The Contact Bank WordPress plugin through 3.0.30 does not sanitise and escape some of its Form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Contact Bank
NVD WPScan
EPSS 0% CVSS 4.3
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the Contact Bank plugin before 2.0.20 for WordPress allows remote attackers to inject arbitrary web script or HTML via the Label field, related to form. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS WordPress Contact Bank
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy