CVE-2023-5005

Name of the Vulnerable Software and Affected Versions Autocomplete Location field Contact Form 7 WordPress plugin versions prior to 3.0 autocomplete-location-field-contact-form-7-pro WordPress plugin versions prior to 2.0

Description The issue concerns the Autocomplete Location field Contact Form 7 WordPress plugin and its pro version, where certain settings are not properly sanitised and escaped. This could allow high-privilege users, such as administrators, to perform Stored Cross-Site Scripting attacks, even in scenarios where the unfiltered html capability is disallowed, like in multisite setups.

Recommendations For Autocomplete Location field Contact Form 7 WordPress plugin versions prior to 3.0, update to version 3.0 or later. For autocomplete-location-field-contact-form-7-pro WordPress plugin versions prior to 2.0, update to version 2.0 or later. As a temporary workaround, consider restricting administrative access to trusted users only until the update is applied.