Contact Form Email 7.10.41 – Reflected XSS & CSRF (WordPress Plugin)

  • Vulnerability: XSS & CSRF
  • Affected Software: Contact Form Email (30,000+ active installations)
  • Affected Version: 1.2.65
  • Patched Version: 1.2.66
  • CVE: CVE-2019-9646 (XSS)
  • Risk: Medium
  • Vendor Contacted: 10/31/2018
  • Vendor Fix: 10/31/2018
  • Public Disclosure: 02/05/2019