Ultimate Addons for Contact Form 7, CVE-2023-2803

CVE, Research URL: CVE-2023-2803
Home page URL: Security reports for Ultimate Addons for Contact Form 7
Application: Ultimate Addons for Contact Form 7
Published on: Aug 15, 2023
Research Description: The Ultimate Addons for Contact Form 7 WordPress plugin before 3.1.29 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
Affected versions: Min -, max 3.1.29.
Status: vulnerable