CVE-2024-2200 | BestWebSoft Contact Form Plugin up to 4.2.8 on WordPress cntctfrm_contact_subject cross site scripting

Posted by Angelo Barbosa | Mar 14, 2024 | CVE

A vulnerability was found in BestWebSoft Contact Form Plugin up to 4.2.8 on WordPress. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument cntctfrm_contact_subject leads to cross site scripting.

This vulnerability is known as CVE-2024-2200. The attack can be launched remotely. There is no exploit available.

CVE-2024-2200 | BestWebSoft Contact Form Plugin up to 4.2.8 on WordPress cntctfrm_contact_subject cross site scripting

Related Posts

CVE-2024-39755 | Veertu Anka Build 1.42.0 Anka Node Agent Update improper ownership management (TALOS-2024-2060)

CVE-2024-7468 | Raisecom MSG1200/MSG2100E/MSG2200/MSG2300 3.90 Web Interface list_service_manage.php sslvpn_config_mod template/stylenum os command injection

CVE-2024-9038 | Codezips Online Shopping Portal 1.0 insert-product.php productimage1/productimage2/productimage3 unrestricted upload

CVE-2023-47620 | koush scrypted up to 0.55.0 plugin-http.ts owner/pkg cross site scripting (GHSL-2023-218)