CVE-2022-50960

Description

WordPress International Sms For Contact Form 7 Integration version 1.2 contains a reflected cross-site scripting vulnerability in the page parameter of the admin settings interface. Attackers can inject malicious scripts through the page parameter in class-sms-log-display.php to execute arbitrary JavaScript in administrator browsers.

References

• https://wordpress.org/plugins/cf7-international-sms-integration/
• https://www.exploit-db.com/exploits/50719
• https://www.vulncheck.com/advisories/wordpress-international-sms-contact-form-7-integration-xss