Description
Cross-site scripting (XSS) vulnerability in Peter's Random Anti-Spam Image 0.2.4 and earlier plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the comment field in the comment form.
Remediation
References
Related Vulnerabilities
Jboss EAP Improper Restriction of XML External Entity Reference Vulnerability (CVE-2017-7503)
WordPress Plugin Contact Form Generator Multiple Cross-Site Request Forgery Vulnerabilities (2.1.86)
PHP Deserialization of Untrusted Data Vulnerability (CVE-2017-11143)