"TITLE":"Contact Form 7 Style <= 3.1.9 - Cross-Site Request Forgery to Stored Cross-Site Scripting"
},
"data_format":"MITRE",
"data_type":"CVE",
"data_version":"4.0",
"generator":"WPScan CVE Generator",
"affects":{
"vendor":{
"vendor_data":[
{
"vendor_name":"Unknown",
"product":{
"product_data":[
{
"product_name":"Contact Form 7 Style",
"version":{
"version_data":[
{
"version_affected":"<=",
"version_name":"3.1.9",
"version_value":"3.1.9"
}
]
}
}
]
}
}
]
}
},
"description":{
"description_data":[
{
"lang":"eng",
"value":"Due to the lack of sanitization and lack of nonce protection on the custom CSS feature, an attacker could craft a request to inject malicious JavaScript on a site using the Contact Form 7 Style WordPress plugin through 3.1.9. If an attacker successfully tricked a site’s administrator into clicking a link or attachment, then the request could be sent and the CSS settings would be successfully updated to include malicious JavaScript."
