CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2023-0143

The Send PDF for Contact Form 7 WordPress plugin before 0.9.9.2 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 54.2%

CVSS Severity

CVSS v3 Score 5.4

References

https://wpscan.com/vulnerability/c4cd3d98-9678-49cb-9d1a-551ef8a810b9
https://wpscan.com/vulnerability/c4cd3d98-9678-49cb-9d1a-551ef8a810b9

Products affected by CVE-2023-0143

Send Pdf For Contact Form 7 Project » Send Pdf For Contact Form 7 » Version: Any

cpe:2.3:a:send_pdf_for_contact_form_7_project:send_pdf_for_contact_form_7:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-0143

Products

Pricing

Contact Us