CVE-2022-25601

MEDIUM

Contact Form X <= 2.4 - Reflected Cross-Site Scripting via Tab Parameter

Title source: llm

Description

Reflected Cross-Site Scripting (XSS) vulnerability in the &tab parameter of the Contact Form X WordPress plugin (versions <= 2.4).

Scores

CVSS v3 4.7
EPSS 0.0033
EPSS Percentile 56.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-79
Status published
Products (5)
fedoraproject/fedora 34
fedoraproject/fedora 35
fedoraproject/fedora 36
Jeff Starr/Contact Form X (WordPress plugin) <= 2.4 - 2.4
plugin-planet/contact_form_x < 2.4.1
Published Mar 11, 2022
Tracked Since Feb 18, 2026