CVE-2021-24247

MEDIUM

Mooveagency Contact Form Check Tester < 1.0.2 - XSS

Title source: rule

Description

The Contact Form Check Tester WordPress plugin through 1.0.2 settings are visible to all registered users in the dashboard and are lacking any sanitisation. As a result, any registered user, such as subscriber, can leave an XSS payload in the plugin settings, which will be triggered by any user visiting them, and could allow for privilege escalation. The vendor decided to close the plugin.

Exploits (1)

exploitdb WRITEUP

by 0xB9 · textwebappsphp

https://www.exploit-db.com/exploits/50703

View Code ZIP pw:eip

References (1)

[Exploit, Third Party Advisory] https://wpscan.com/vulnerability/e2990a7a-d4f0-424e-b01d-ecf67cf9c9f3

Scores

CVSS v3 5.4

EPSS 0.0034

EPSS Percentile 56.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (1)

mooveagency/contact_form_check_tester < 1.0.2

Published May 06, 2021

Tracked Since Feb 18, 2026