Vulnerabilities > Contact Form 7 Datepicker Project
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-04-07 | CVE-2020-11516 | Cross-site Scripting vulnerability in Contact-Form-7-Datepicker Project Contact-Form-7-Datepicker 2.6.0 Stored XSS in the Contact Form 7 Datepicker plugin through 2.6.0 for WordPress allows authenticated attackers with minimal permissions to save arbitrary JavaScript to the plugin's settings via the unprotected wp_ajax_cf7dp_save_settings AJAX action and the ui_theme parameter. | 3.5 |