CVE-2023-49766

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Dec 14, 2023

Updated: Dec 18, 2023

CWE ID 79

Summary

CVE-2023-49766 is a Cross-site Scripting (XSS) vulnerability affecting Themefic Ultimate Addons for Contact Form 7. This issue, specifically a Stored XSS flaw, occurs during web page generation. Malicious code can be injected into the addon, potentially allowing attackers to execute malicious scripts within a user's browser when they view a crafted webpage. The vulnerability affects versions 3.2.0 and earlier of Ultimate Addons for Contact Form 7.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/toKKOk
https://www.cve.org/CVERecord?id=CVE-2023-49766
https://nvd.nist.gov/vuln/detail/CVE-2023-49766

Back to Vulnerability Database

CVE-2023-49766

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations