CVE-2023-54332

Name of the Vulnerable Software and Affected Versions Jetpack version 11.4

Description The software contains a cross-site scripting issue within the contact form module. An attacker can inject malicious scripts through the post id parameter. By crafting malicious URLs with script payloads, an attacker can execute arbitrary JavaScript in a victim’s browser when they interact with the contact form page.

Recommendations Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the contact form module.