Vulnerabilities > CVE-2022-1914 - Unspecified vulnerability in Clean-Contact Project Clean-Contact

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

LOW

Availability impact

NONE

network

low complexity

clean-contact-project

NVD

Published: 2022-06-27

Updated: 2024-11-21

Summary

The Clean-Contact WordPress plugin through 1.6 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored XSS due to the lack of sanitisation and escaping as well

Vulnerable Configurations

Part	Description	Count
Application	Clean-Contact_Project Clean Contact Project Clean Contact *	1

References

https://wpscan.com/vulnerability/8c8dad47-8591-47dc-b84f-8c5cb18b2d78
https://wpscan.com/vulnerability/8c8dad47-8591-47dc-b84f-8c5cb18b2d78