HasThemes Extensions For CF7 Stored XSS Vulnerability
CVE-2024-29102
7.1 HIGH
Summary
HasThemes Extensions For CF7 improperly neutralizes input during web page generation, which allows stored cross-site scripting (XSS). An attacker can inject malicious scripts that are stored by the plugin and later executed within the context of a user's session, potentially leading to unauthorized data access, session hijacking, and other malicious activities. Affected versions of Extensions For CF7 run from n/a through 3.0.6, underscoring the importance of keeping plugins updated to mitigate such vulnerabilities. Users are encouraged to review and address this issue to safeguard their WordPress installations.
Affected Version(s)
Extensions For CF7 <= 3.0.6
References
CVSS V3.1
Score: 7.1
Severity: HIGH
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
FearZzZz (Patchstack Alliance)