WordPress cformsII Plugin XSS Vulnerability

Security researchers have discovered a cross-site scripting (XSS) vulnerability in the cformsII plugin for WordPress. The vulnerability is confirmed in cformsII version 13.1, and previous versions may also be affected. We strongly advise you to upgrade the plugin to the new version 13.2 immediately.

cformsII Plugin Description: Powerful and feature-rich form plugin for WordPress, offering convenient deployment of multiple Ajax-driven contact forms.
Plugin Ownership: Deliciousdays
Version(s) Affected: 13.1; previous versions may also be affected.
Plugin Description & Download: Plugin Download Page [The plugin is not available in the WordPress Plugin Database.]
Vulnerability Description: Input passed to the “rs” parameter in “wp-content/plugins/cforms/lib_ajax.php” is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user’s browser session in the context of an affected site.
Impact: Self-hosted WordPress blogs.
Solution: Upgrade to version 13.2.
Reference: Deliciousdays, Secunia
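
One way to check web server access logs for requests that carry markup in this parameter, as an added example that is not part of the advisory or the plugin's code. It assumes Combined Log Format and that "rs" arrives in the query string (a value sent in a POST body does not appear in access logs); the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Path and parameter name are from the advisory; the rest is assumed.
VULN_PATH = "wp-content/plugins/cforms/lib_ajax.php"
PARAM = "rs"
# Characters that let a reflected value break out of text into markup.
MARKUP = re.compile(r"[<>\"'`]")
# Request field of a Combined Log Format line: "METHOD target PROTOCOL".
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, rounds=3):
    """Undo nested percent-encoding, e.g. %253C -> %3C -> <."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_rs(line):
    """Return the decoded rs value if it carries markup characters, else None."""
    match = REQUEST.search(line)
    if not match:
        return None
    target = urlsplit(match.group(1))
    if not fully_decode(target.path).lower().endswith(VULN_PATH):
        return None
    for raw in parse_qs(target.query, keep_blank_values=True).get(PARAM, []):
        value = fully_decode(raw)  # parse_qs has already decoded one layer
        if MARKUP.search(value):
            return value
    return None

def scan(lines):
    """Return (line_number, decoded_value) for every flagged request."""
    checked = ((n, suspicious_rs(line)) for n, line in enumerate(lines, 1))
    return [(n, value) for n, value in checked if value is not None]

# Constructed sample lines, not real traffic.
LOG = '203.0.113.5 - - [01/Jan/2012:10:00:00 +0000] "GET {} HTTP/1.1" 200 12'
SAMPLE_LOG = [LOG.format(target) for target in (
    "/" + VULN_PATH + "?rs=constructed_value",         # plain value: ignored
    "/" + VULN_PATH + "?rs=%3Cem%3Eprobe%3C%2Fem%3E",  # encoded markup: flagged
    "/" + VULN_PATH + "?rs=%253Cem%253Eprobe",         # double-encoded: flagged
    "/index.php?rs=%3Cem%3Eprobe%3C%2Fem%3E",          # other endpoint: ignored
)]
```

Calling scan(SAMPLE_LOG) returns the line numbers and decoded values of the flagged requests. A hit shows that someone sent markup to the endpoint, not that the site was running a vulnerable version at the time.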


Pratik is a young geek, professional blogger and information security professional. He writes about information and security, web technologies, development, blogging and other web resources. For any query, mail him at: Pratik@hotmail.com
