CVE-2024-5809

The WP Ajax Contact Form WordPress plugin through 2.2.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against admin users

CVSS

No CVSS.

References

Link	Resource
https://wpscan.com/vulnerability/0af9fbcf-5f0e-4f7f-ae60-b46e704cf0a5/

Configurations

No configuration.

History

30 Jul 2024, 13:32

Type	Values Removed	Values Added
Summary		(es) El complemento de WordPress WP Ajax Contact Form hasta la versión 2.2.2 no sanitiza ni escapa un parámetro antes de devolverlo a la página, lo que genera Cross Site Scripting reflejado que podría usarse contra usuarios administradores.

30 Jul 2024, 06:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-07-30 06:15

Updated : 2024-07-30 13:32

NVD link : CVE-2024-5809

Mitre link : CVE-2024-5809

CVE.ORG link : CVE-2024-5809

JSON object : View

Products Affected

No product.

CWE

No CWE.

JSON object

Attach tags to CVE-2024-5809

Attach tags to `CVE-2024-5809`