http://weblogtoolscollection.com/news/ Weblogtoolscollection News Topic: XSS vulnerability in WP Contact Form (III) en Thu, 20 Jun 2013 01:44:44 +0000 http://weblogtoolscollection.com/news/topic/xss-vulnerability-in-wp-contact-form-iii#post-2243 Sun, 03 Feb 2008 21:46:48 +0000 kzkw 2243@http://weblogtoolscollection.com/news/ <p>I'm the author behind <a href="http://wordpress.org/extend/plugins/wp-contact-form-iii/">WP Contact Form III</a> and someone discovered <a href="http://www.hiredhacker.com/2008/02/02/xss-in-wp-contact-form-iii/">XSS vulnerability</a> in the plugin.</p> <p>My plugin and I think at least three other contact form plugins are based on <a href="http://wordpress.org/extend/plugins/wp-contact-form/">WP Contact Form</a>, which also have the same code pointed out in the article on hiredhacker.com. </p> <p>I don't know if the other plugin authors who have used WP Contact Form as a base have fixed theirs, but at least mine and the original have the security issue. </p>