CVE-2023-46824

CVSS 3.1 Score 4.8 of 10 (medium)

Details

Published Nov 6, 2023

Updated: Nov 14, 2023

CWE ID 79

Summary

CVE-2023-46824 is a stored Cross-Site Scripting (XSS) vulnerability affecting the Contact Form 7 Popup Plugin, specifically versions 1.7.14 and below, from Om Ak Solutions Slick Popup. This issue permits an attacker to inject malicious scripts into the contact form's admin interface, allowing them to execute arbitrary code when a user views a crafted pop-up. Successful exploitation can lead to unauthorized access, data theft, or other malicious activities. Users are advised to update the plugin to the latest version as soon as possible to mitigate the risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/tKTG4T
https://www.cve.org/CVERecord?id=CVE-2023-46824
https://nvd.nist.gov/vuln/detail/CVE-2023-46824

Back to Vulnerability Database

CVE-2023-46824

CVSS 3.1 Score 4.8 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations