Headline
CVE-2022-29408: WordPress Advanced Contact form 7 DB plugin <= 1.8.7 - Persistent Cross-Site Scripting (XSS) vulnerability - Patchstack
Persistent Cross-Site Scripting (XSS) vulnerability in Vsourz Digital's Advanced Contact form 7 DB plugin <= 1.8.7 for WordPress.
Not fixed
CVSS 3.1 score: 4.7 (Medium severity)
Vulnerable versions
<= 1.8.7
PSID
acdd9e726151
Classification
Cross Site Scripting (XSS)
OWASP Top 10
A7: Cross-Site Scripting (XSS)
Required privilege
Can be exploited remotely without any authentication
Credits
BEE-K (Patchstack)
Publicly disclosed
2022-04-21
Details
A persistent Cross-Site Scripting (XSS) vulnerability was discovered in the Advanced Contact form 7 DB plugin (versions <= 1.8.7) by BEE-K.
Solution
Deactivate the plugin.
References
Plugin page, Changelog, CVE-2022-29408