One of the best things about WordPress is the cascade of available themes. Finding an excellent theme can be fantastic. One of the downsides: when support lapses or standards change and your site is left high and dry. What’s a theme that you loved that is now...
DescriptionContact Form Clean and Simple is vulnerable to Authenticated stored XSS. When a user has admin capabilities, malicious code can be submitted through the plugin’s options. This code will then be executed on every page with the contact form on the...
Proof of Concept Vulnerable code is from like 68 to 84. The code gets the value of option `bm_row_amount` from database and matches it with the GET request `row_amount`. If they do not match then it updates the option `bm_row_amount` with the provided GET value. If...
