CVE-2020-10385 Report - Details, Severity, & Advisories

Twingate Team

Feb 8, 2024

CVE-2020-10385 is a medium-severity stored cross-site scripting (XSS) vulnerability that affects the WPForms Contact Form plugin for WordPress, specifically in versions before 1.5.9. This vulnerability can impact WordPress systems using the affected plugin, allowing attackers to perform malicious actions such as stealing session cookies or login credentials, and performing arbitrary actions on the victim's behalf. It is crucial for users to update their plugin to the latest version to mitigate the risk posed by this vulnerability.

How do I know if I'm affected?

To determine whether you're affected, check which version of the WPForms WordPress plugin you are running. Version 1.5.8.2 or below is at risk, and you should update to version 1.5.9 or higher as soon as possible. This vulnerability is a stored cross-site scripting (XSS) issue that can lead to malicious actions such as stealing session cookies or login credentials.
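A scripted form of this version check, as an added example (not code from Twingate or from the plugin): it reads the `Version:` line from a plugin's main PHP file header and compares it component by component with 1.5.9, so 1.5.8.2 is flagged and 1.5.10 is not. The sample header is constructed and the function names are illustrative.

```python
import re

FIXED = (1, 5, 9)  # first fixed WPForms release, per the advisory text

# WordPress plugin headers carry a "Version:" line in the main PHP file's
# leading comment block.
HEADER_RE = re.compile(r"^[ \t/*#@]*Version:\s*(\S+)", re.I | re.M)

# Constructed sample header (not copied from the real plugin).
SAMPLE_HEADER = """<?php
/**
 * Plugin Name: WPForms
 * Version:     1.5.8.2
 */
"""


def plugin_version(php_source):
    """Return the Version: header value, or None if it is absent."""
    match = HEADER_RE.search(php_source[:8192])  # headers sit at the top
    return match.group(1) if match else None


def parse_version(text):
    """'1.5.8.2' -> (1, 5, 8, 2); keeps the leading digits of each part."""
    parts = []
    for piece in text.strip().split("."):
        digits = re.match(r"\d+", piece)
        if not digits:
            break
        parts.append(int(digits.group()))
    if not parts:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(parts)


def is_affected(version):
    """True when version is below 1.5.9, compared numerically per component."""
    got = parse_version(version)
    width = max(len(got), len(FIXED))
    pad = lambda t: t + (0,) * (width - len(t))
    return pad(got) < pad(FIXED)


if __name__ == "__main__":
    found = plugin_version(SAMPLE_HEADER)
    print(found, "affected" if is_affected(found) else "not affected")
```

Comparing the components as integers matters here: a plain string comparison would rank 1.5.10 below 1.5.9 and report a patched install as vulnerable.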

What should I do if I'm affected?

If you're affected by the vulnerability, take immediate action by updating your WPForms plugin to version 1.5.9 or higher. This will fix the stored XSS vulnerability and protect your WordPress site from potential attacks. Simply go to your WordPress dashboard, find the WPForms plugin, and click Update to install the latest version.

Is this in CISA’s Known Exploited Vulnerabilities Catalog?

The CVE-2020-10385 vulnerability is not listed in CISA's Known Exploited Vulnerabilities Catalog. This stored cross-site scripting (XSS) vulnerability affects the WPForms Contact Form plugin for WordPress, specifically in versions before 1.5.9. It was added to the National Vulnerability Database on March 24, 2020. To address this vulnerability, users should update their plugin to version 1.5.9 or higher.

Weakness enumeration

This vulnerability is classified as CWE-79, which refers to improper neutralization of input during web page generation, leading to cross-site scripting (XSS) vulnerabilities.

For more details

CVE-2020-10385 is a medium-severity stored XSS vulnerability affecting the WPForms Contact Form plugin for WordPress before version 1.5.9. By updating to the latest version, users can mitigate the risk and protect their websites. For a comprehensive understanding of the vulnerability, including its description, severity, technical details, and known affected software configurations, visit the NVD page or the links below.
