CVE-2023-2802
CVSS 3.1 Score 6.5 of 10 (medium)
Details
Published Aug 14, 2023
Updated: Nov 7, 2023
CWE ID 352
Summary
CVE-2023-2802 is a vulnerability in the Ultimate Addons for Contact Form 7 plugin for WordPress, affecting versions before 3.1.29. The plugin does not properly sanitize and escape some of its settings, so high-privilege users, including admins, can carry out Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disabled. In multisite setups, this vulnerability can pose a significant security risk.
Affected Vendors
- HCL Technologies Ltd.