Vulnerabilities > CVE-2021-25079 - Unspecified vulnerability in Crmperks Contact Form Entries

047910
CVSS 6.1 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
LOW
Integrity impact
LOW
Availability impact
NONE
network
low complexity
crmperks

Summary

The Contact Form Entries WordPress plugin before 1.2.4 does not sanitise and escape various parameters, such as form_id, status, end_date, order, orderby and search before outputting them back in the admin page

Vulnerable Configurations

Part Description Count
Application
Crmperks
1