3 matches found
CVE-2024-10683
The Contact Form 7 – PayPal & Stripe Add-on plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg & removequeryarg without appropriate escaping on the URL in all versions up to, and including, 2.3.1. This makes it possible for unauthenticated attackers...
CVE-2024-10683
CVE-2024-10683 affects the WordPress plugin Contact Form 7 – PayPal & Stripe Add-on, due to unsafe use of add_query_arg/remove_query_arg without proper escaping. The issue is Reflected XSS, exploitable by unauthenticated actors who can trick a user into clicking a manipulated link, with exploitat...
WordPress Contact Form 7 – PayPal & Stripe Add-on Plugin <= 2.3.1 is vulnerable to Cross Site Scripting (XSS)
Software Contact Form 7 – PayPal & Stripe Add-on Type Plugin Vulnerable versions = 2.3.1 Fixed in 2.3.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-10683 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 86607dd77930...