Stored XSS Vulnerability in Contact Form 7 Summary and Print
CVE-2024-38724
7.1 HIGH
Key Information:
- Vendor
- Muhammad Rehman
- Status
- Contact Form 7 Summary And Print
- Vendor
- CVE Published: 13 August 2024
Summary
A Cross-Site Request Forgery (CSRF) vulnerability in the Contact Form 7 Summary and Print plugin, developed by Muhammad Rehman, can lead to Stored Cross-Site Scripting (XSS). Through a forged request, an attacker can have script stored on the server, where it later executes without authorization in the browsers of users who load the affected content, potentially exposing sensitive user data and compromising the web application's integrity. Versions up to and including 1.2.5 are affected, and sites using this plugin need prompt attention.
Affected Version(s)
Contact Form 7 Summary and Print <= 1.2.5
CVSS V3.1
- Score: 7.1
- Severity: HIGH
- Confidentiality: Low
- Integrity: Low
- Availability: Low
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved
Collectors
NVD Database, Mitre Database
Credit
Cronus (Patchstack Alliance)