Reflected XSS Vulnerability in Contact Form With Captcha
CVE-2023-45771

7.1HIGH

Key Information:

Vendor: WordPress
Status: Contact Form With Captcha
Vendor: CVE Published:; 26 March 2024

What is CVE-2023-45771?

An identified vulnerability in Contact Form With Captcha permits an attacker to exploit improper neutralization of input during web page generation, leading to Reflected Cross-site Scripting (XSS). This issue can be triggered when user inputs are not properly sanitized, allowing malicious scripts to be injected and executed in the victim's browser. Such vulnerabilities pose serious security threats, enabling attackers to gain unauthorized access, manipulate web content, or execute harmful actions on behalf of unsuspecting users.

Affected Version(s)

Contact Form With Captcha <= 1.6.8

References

https://patchstack.com/database/vulnerability/contact-for...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 26, 2024
Vulnerability Reserved
Oct 12, 2023

Credit

LEE SE HYOUNG (Patchstack Alliance)