Reflected XSS in Contact Form Plugin by aviplugins.com
CVE-2025-24564

7.1HIGH

Key Information:

Vendor: Aviplugins.com
Status: Contact Form With Shortcode
Vendor: CVE Published:; 14 February 2025

Summary

The Contact Form With Shortcode by aviplugins.com has a reflected XSS vulnerability that allows attackers to inject malicious scripts via user input. When a user submits a form, the application fails to adequately sanitize the input, leading to potential execution of harmful scripts in the context of other users. This vulnerability impacts versions from n/a up to 4.2.5, making it crucial for website administrators to apply security patches and validate user input to mitigate risks.

Affected Version(s)

Contact Form With Shortcode <= 4.2.5

References

https://patchstack.com/database/wordpress/plugin/contact-...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Feb 14, 2025
Vulnerability Reserved
Jan 23, 2025

Credit

Le Ngoc Anh (Patchstack Alliance)