Contact Form Entries
Monthly
Reflected cross-site scripting in the CRM Perks "Contact Form Entries" WordPress plugin (versions up to and including 1.5.2) lets remote attackers inject script that executes in a victim's browser after the victim clicks a crafted link. Because the CVSS scope is changed (S:C), successful injection can reach data and actions beyond the vulnerable component, typically the WordPress admin/session context. No public exploit has been identified and it is not on CISA KEV; the flaw was reported by Patchstack.
Reflected cross-site scripting in the CRM Perks "Contact Form Entries" WordPress plugin (versions up to and including 1.5.2) lets remote attackers inject script that executes in a victim's browser after the victim clicks a crafted link. Because the CVSS scope is changed (S:C), successful injection can reach data and actions beyond the vulnerable component, typically the WordPress admin/session context. No public exploit has been identified and it is not on CISA KEV; the flaw was reported by Patchstack.