CVE-2022-50960

WordPress International Sms Contact Form 7 Integration 1.2 XSS

CVSS 5.1 MEDIUMEPSS 0.2%CWE-79

WordPress International SMS for Contact Form 7 Integration version 1.2 contains a reflected cross-site scripting vulnerability in the page parameter of the admin settings interface. Attackers can inject malicious scripts through the page parameter in class-sms-log-display.php to execute arbitrary JavaScript in administrator browsers.

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

Affected products

Varun Sridharan · International Sms For Contact Form

public PoCs found — 1

cve_referencewww.exploit-db.com/exploits/50719unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://wordpress.org/plugins/cf7-international-sms-integration/https://www.exploit-db.com/exploits/50719 https://www.vulncheck.com/advisories/wordpress-international-sms-contact-form-7-integration-xss