CVE-2023-4950

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Oct 16, 2023

Updated: Nov 7, 2023

CWE ID 120

Summary

CVE-2023-4950 is a vulnerability affecting the Interactive Contact Form and Multi Step Form Builder plugin for WordPress. Before version 3.4, the plugin failed to sanitize and escape certain parameters, making it susceptible to Cross-Site Scripting (XSS) attacks. Unauthenticated users could exploit this flaw to inject malicious scripts into a target website, potentially stealing user data or taking control of the site. Website administrators are urged to update the plugin as soon as possible to protect against these attacks.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/tlEuUW
https://www.cve.org/CVERecord?id=CVE-2023-4950
https://nvd.nist.gov/vuln/detail/CVE-2023-4950

Back to Vulnerability Database

CVE-2023-4950

CVSS 3.1 Score 8.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations