Security researchers have discovered a cross-site scripting vulnerability in the cformsII plugin for WordPress. The vulnerability is confirmed in cformsII version 13.1, and previous versions may also be affected. We strongly advise you to upgrade the plugin to its new version, 13.2, immediately.
| Field | Details |
|---|---|
| cformsII Plugin Description | Powerful and feature-rich form plugin for WordPress, offering convenient deployment of multiple Ajax-driven contact forms. |
| Version(s) Affected | 13.1; previous versions may also be affected. |
| Plugin Description & Download | Plugin Download Page [Plugin is not available in the WordPress Plugin Database.] |
| Vulnerability Description | Input passed to the “rs” parameter in “wp-content/plugins/cforms/lib_ajax.php” is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user’s browser session in the context of an affected site. |
| Impact | Self-hosted WordPress blogs. |
| Solution | Upgrade to version 13.2. |
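
A log check that follows from the vulnerability description above, as an added example that is not part of the original advisory or the plugin's code: it flags requests to `lib_ajax.php` whose `rs` value contains markup characters after URL decoding. It assumes combined-format access logs and that `rs` arrives in the query string (a value sent in a POST body will not appear in these logs); the function name and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Path and parameter named in the advisory.
VULN_PATH = "/wp-content/plugins/cforms/lib_ajax.php"
PARAM = "rs"
# Characters that have no place in a plain identifier-style value; finding
# them after URL decoding suggests an attempt to inject markup.
MARKUP = re.compile(r"""[<>"'`]|javascript:""", re.IGNORECASE)
# Request portion of an Apache/nginx "combined" log line (assumed log format).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)

# Constructed sample log lines (documentation IP ranges, made-up values).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2012:10:00:00 +0000] "GET /wp-content/plugins/cforms/lib_ajax.php?rs=%3Cb%3Etest%3C%2Fb%3E HTTP/1.1" 200 312 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [01/Jan/2012:10:00:05 +0000] "GET /wp-content/plugins/cforms/lib_ajax.php?rs=some_function&x=1 HTTP/1.1" 200 98 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [01/Jan/2012:10:00:09 +0000] "GET /index.php?rs=%3Cb%3E HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '192.0.2.33 - - [01/Jan/2012:10:01:00 +0000] "GET /blog/wp-content/plugins/cforms/lib_ajax.php?rs=%253Cimg%253E HTTP/1.1" 200 300 "-" "Mozilla/5.0"',
]

def suspicious_rs_requests(lines):
    """Return (client_ip, decoded rs value) for requests whose rs value contains markup."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a parseable request line
        url = urlsplit(m.group("target"))
        if not url.path.endswith(VULN_PATH):
            continue  # a different script; the advisory names lib_ajax.php only
        # parse_qs percent-decodes the value once.
        for value in parse_qs(url.query, keep_blank_values=True).get(PARAM, []):
            # Decode a second time so double-encoded input is also caught.
            decoded = unquote(value)
            if MARKUP.search(decoded):
                hits.append((m.group("ip"), decoded))
    return hits

if __name__ == "__main__":
    for ip, value in suspicious_rs_requests(SAMPLE_LOG):
        print(f"{ip}\t{value!r}")
```

A hit means the request is worth reviewing, not that script ran in a visitor's browser; sites still on 13.1 or earlier should treat hits as a reason to prioritize the upgrade to 13.2.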