Reflected XSS Vulnerability in Contact Form 7 - PayPal & Stripe Add-on
CVE-2024-29130

6.1MEDIUM

Key Information:

Vendor: WordPress
Status: Contact Form 7 – Paypal & Stripe Add-on
Vendor: CVE Published:; 19 March 2024

Summary

A reflected Cross-Site Scripting (XSS) vulnerability exists in the Scott Paterson Contact Form 7 – PayPal & Stripe Add-on, allowing attackers to inject malicious scripts into web pages. This issue can lead to unauthorized actions on behalf of users, potentially compromising sensitive information and accounts. The vulnerability affects all versions from n/a through version 2.0 of the add-on, making it critical for users to apply patches and updates to secure their applications against this exploit.

Affected Version(s)

Contact Form 7 – PayPal & Stripe Add-on <= 2.0

References

https://patchstack.com/database/vulnerability/contact-for...

vdb-entry

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Mar 19, 2024
Vulnerability Reserved
Mar 16, 2024

Credit

Brandon Roldan (Patchstack Alliance)