CVE-2024-33697

CVSS 3.1 Score 5.9 of 10 (medium)

Details

Published Apr 26, 2024

CWE ID 79

Summary

CVE-2024-33697 is a Cross-site Scripting (XSS) vulnerability affecting CF7 File Download – File Download for CF7, from version n/a through 2.0. The flaw lies in the improper neutralization of user input during web page generation. An attacker can exploit this vulnerability by injecting malicious scripts into the CF7 File Download plugin, leading to stored XSS attacks on unsuspecting users. Successful exploitation can result in unauthorized access, data theft, or other malicious activities. It is recommended that affected users upgrade to a patched version of the plugin as soon as possible to mitigate the risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/vn6mZp
https://www.cve.org/CVERecord?id=CVE-2024-33697
https://nvd.nist.gov/vuln/detail/CVE-2024-33697

Back to Vulnerability Database

CVE-2024-33697

CVSS 3.1 Score 5.9 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations