CVE-2024-29130

CVSS 3.1 Score 7.1 of 10 (high)

Details

Published Mar 19, 2024

CWE ID 79

Summary

CVE-2024-29130 is a Cross-site Scripting (XSS) vulnerability affecting the Contact Form 7 – PayPal & Stripe Add-on. The flaw, which resides in the plugin's web page generation process, allows an attacker to inject malicious scripts through user input. This issue potentially impacts versions of the add-on from the initial release through 2.0, putting websites using this plugin at risk of data theft or unauthorized access.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/u8uuv3
https://www.cve.org/CVERecord?id=CVE-2024-29130
https://nvd.nist.gov/vuln/detail/CVE-2024-29130

Back to Vulnerability Database

CVE-2024-29130

CVSS 3.1 Score 7.1 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations