Log out
Get PRO

Latest

Input validation vulnerability in Zebra_Form library (5 plugins affected)

  • Severity: medium-risk
  • Status: Open
  • Publication: February 14, 2021

The Zebra_Form library, found in some plugins for the website software WordPress, is vulnerable to an attack called Reflected Cross-Site Scripting. This attack can be used by unauthenticated attackers to inject malicious code in web pages that can be executed if the user can be tricked into clicking a link or performing an action. The vulnerability exists in versions of the library up to and including version 2.9.8 due to insufficient sanitization of user input and lack of escaping of output.

Detected in:

Customer Service Software & Support Ticket System fixed vulnerable versions: >= * <= 5.5.1
Customer Support Ticket System & Helpdesk Plugin for WordPress fixed vulnerable versions:
Ad Swapper open vulnerable versions: >= * <= 1.0.3
Drug Search open vulnerable versions: >= * <= 1.0.0
Teaser Maker open vulnerable versions: >= * <= 0.1.114
WP Inimat open vulnerable versions: >= * <= 1.0

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

  • Incorrect?

Is this information incorrect? Please leave us a message.