CVE-2023-44265
CVSS 3.1 Score 4.8 of 10 (medium)
Details
Published Oct 2, 2023
Updated: Oct 3, 2023
CWE ID 79
Summary
CVE-2023-44265 is a stored Cross-Site Scripting (XSS) vulnerability affecting version 7.1 of the Gopi Ramasamy Popup contact form plugin. An administrator with access to the plugin can exploit this issue by injecting malicious scripts into contact form submissions. Successful exploitation could lead to unauthorized access, data theft, or other malicious activities for attackers. Users are advised to update to the latest version of the plugin to mitigate this risk.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share