oss-sec mailing list archives

CVE Request - Cross-Site Request Forgery, Cross-Site Scripting and SQL Injection in CP Contact Form with Paypal Wordpress Plugin v1.1.5

From: Nitin Venkatesh <venkatesh.nitin () gmail com>
Date: Sat, 11 Jul 2015 04:06:07 +0000

Hi,

I discovered Cross-Site Request Forgery, Cross-Site Scripting and SQL
Injection in CP Contact Form with Paypal Wordpress Plugin v1.1.5 which was
responsibly disclosed to the vendor who fixed the issues in v1.1.6.

I request a CVE for the same.

References:
http://seclists.org/fulldisclosure/2015/Jul/49

Thanks & regards,
Nitin Venkatesh

Current thread:

CVE Request - Cross-Site Request Forgery, Cross-Site Scripting and SQL Injection in CP Contact Form with Paypal Wordpress Plugin v1.1.5 Nitin Venkatesh (Jul 10)