CVE-2024-2030

CVSS 3.1 Score 4.8 of 10 (medium)

Details

Published Mar 13, 2024

CWE ID 79

Summary

CVE-2024-2030 is a Stored Cross-Site Scripting vulnerability affecting the Database for Contact Form 7, WPforms, and Elementor forms plugins for WordPress. The flaw, present in all versions up to 1.3.3, stems from insufficient input sanitization and output escaping on user-supplied attributes. This vulnerability allows authenticated attackers with contributor-level access or higher to inject malicious web scripts into pages. Execution of these scripts occurs whenever a user accesses an injected page.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Cisco Unity Connection

Affected Vendors

Cisco Systems Inc

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/uREXNu
https://www.cve.org/CVERecord?id=CVE-2024-2030
https://nvd.nist.gov/vuln/detail/CVE-2024-2030

Back to Vulnerability Database