WordPress Contact Form Builder, Contact Widget Plugin <= 2.1.6 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-46075
7.1HIGH
Key Information:
- Vendor
WordPress
- Vendor
- CVE Published:
- 26 October 2023
What is CVE-2023-46075?
A reflected cross-site scripting (XSS) vulnerability exists in the WPDevArt Contact Form Builder, Contact Widget plugin for WordPress, specifically in versions 2.1.6 and earlier. This vulnerability allows an attacker to inject malicious scripts into user responses, which may then be executed in the context of an unsuspecting user's browser. Successful exploitation could lead to sensitive data capture or session hijacking, compelling users to exercise caution when interacting with contact forms.
Affected Version(s)
Contact Form Builder, Contact Widget <= 2.1.6