Description

This form is served from an insecure page (http) page. This page could be hijacked using a Man-in-the-middle attack and an attacker can replace the form target.

Remediation

The form should be served from a secure (https) page.

References

OWASP - Transport Layer Protection Cheat Sheet

CWE-319: Cleartext Transmission of Sensitive Information

Related Vulnerabilities

WordPress Plugin Salon Booking System Multiple Information Disclosure Vulnerabilities (7.6.2)

SAP NetWeaver server info information disclosure

WordPress Plugin Advanced Custom Fields (ACF) Information Disclosure (6.0.2)

phpMyAdmin Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-2042)

WordPress Plugin WP Activity Log Information Disclosure (3.1.1)

Severity

Medium

Classification

CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Tags

Information Disclosure Sensitive Data Not Over Ssl