Reflected XSS Vulnerability Affects Connect Contact Form 7 to Constant Contact
CVE-2024-54343

7.1HIGH

Key Information:

Vendor: WordPress
Status: Connect Contact Form 7 To Constant Contact
Vendor: CVE Published:; 13 December 2024

Summary

A vulnerability has been identified in the Howard Ehrenberg Connect Contact Form 7 to Constant Contact plugin, specifically related to improper input neutralization during web page generation. This vulnerability allows for reflected Cross-site Scripting (XSS) attacks, which may enable malicious actors to inject arbitrary scripts into web pages viewed by users. Exploitation of this flaw could lead to unauthorized data access or manipulation, raising serious concerns regarding the security and integrity of web interactions facilitated by the affected plugin version 1.4 and earlier.

Affected Version(s)

Connect Contact Form 7 to Constant Contact <= 1.4

References

https://patchstack.com/database/wordpress/plugin/connect-...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Dec 13, 2024
Vulnerability Reserved
Dec 2, 2024

Credit

thiennv (Patchstack Alliance)