CVE-2021-24247
Description
In the Contact Form Check Tester WordPress plugin through 1.0.2, the settings are visible to all registered users in the dashboard and lack any sanitisation. As a result, any registered user, such as a subscriber, can leave an XSS payload in the plugin settings, which will be triggered by any user visiting them and could allow privilege escalation. The vendor decided to close the plugin.
WordPress Vulnerability
Identified and analyzed by Wordfence
Software Details
Software Name
Contact Form Check Tester
Software Slug
contact-form-check-tester
Remediation
No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
© Defiant Inc. Data provided by Wordfence.
GitHub Security Advisories
Advisory provided by GitHub Security Advisory Database. Published: May 24, 2022, Modified: May 24, 2022